“There’s really no limit to data collection, so this data can be collected about you and shared and sold between different data brokers or analytics companies to build really granular consumer profiles, which can then be used for targeted advertising and sold for other purposes,” said Suzanne Bernstein, a law fellow at the Electronic Privacy … Continued
“There’s no overarching law in place at this point to regulate the use of facial recognition. We really should be taking a step back and thinking about the future consequences of moving forward with a technology like this and using it in this way,” Jeramie Scott, Senior Counsel at the Electronic Privacy Information Center, told CBS … Continued
Today the Federal Trade Commission announced a major enforcement action against Amazon, moving to fine the tech and retail giant $25 million and requiring updated data deletion practices.
An FTC order found that Amazon had allowed employees access to sensitive videos from indoor Ring cameras and failed to implement cybersecurity practices to prevent known breaches.
Ben Winters, senior counsel at the Electronic Privacy Information Center and leader of its AI and human rights project, expressed skepticism, telling CNBC he would like to examine the full dataset and accompanying examples. “I just don’t think that this alone does any significant mitigation of concerns about misinformation and incorrect results … when it’s … Continued
EPIC and a bipartisan coalition of civil liberties organizations — Americans for Prosperity, the Center for Democracy and Technology, Demand Progress, Due Process Institute, Free Press Action, FreedomWorks, the Project for Privacy and Surveillance Accountability, Restore the Fourth, and Wikimedia Foundation — have launched a new website on the need for significant reform to the government surveillance ecosystem as part of any reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
EPIC was pleased to present the EPIC International Privacy Champion Award to both Johnny Ryan and Beeban Kidron on May 25th at the Computers, Privacy, and Data Protection (CPDP) conference in Brussels. Johnny Ryan’s work at the Irish Council for Civil Liberties and beyond has established him as an international leader and prominent voice on … Continued
ompany to suspend transfers of personal data to the United States within five months, finding that Meta’s transfers violation the EU’s General Data Protection Regulation.
President Biden has nominated Anna Gomez to serve as member of the Federal Communications Commission, as well as current Commissioners Brendan Carr and Geoffrey Starks. The FCC has been without a full Commission for an unprecedented two-and-a-half years as President Biden’s initial nomination of attorney and consumer advocate Gigi Sohn stalled in the U.S. Senate … Continued
EPIC has just released a new report detailing the wide variety of harms that new generative A.I. tools like ChatGPT, Midjourney, and DALL-E pose! While many of these tools have been lauded for their capability to produce new and believable text, images, audio, and videos, the rapid integration of generative AI technology into consumer-facing products has undermined years-long efforts to make AI development transparent and accountable.
EPIC has contributed to the EU Commission’s call for input to inform its vision for regulations and guidance related to the metaverse. EPIC’s comments focus on the privacy risks and harms present in the metaverse, how the metaverse interacts with existing regulations, and proposals that may mitigate privacy risks. While many privacy risks of the … Continued
The FISC detailed the FBI’s “pattern of conducting broad, suspicionless queries” of information collected under Section 702, a sweeping warrantless foreign intelligence surveillance authority.
On May 12, EPIC, the Clinic to End Tech Abuse (CETA), the National Network to End Domestic Violence (NNEDV), Public Knowledge, and supporters including 10 other survivor advocacy and direct service organizations filed reply comments to the Federal Communications Commission regarding its implementation of the requirements of the Safe Connections Act of 2022. The rulemaking … Continued
EPIC has filed an amicus brief urging the Fourth Circuit to recognize that a school working in conjunction with a police officer cannot search a student cell phone without a warrant.
Last week, EPIC joined an amicus brief written by the ACLU seeking to protect people’s right to be free from warrantless pole camera surveillance, a technique in which police set up cameras on utility poles to monitor a person’s homes for months. The case, United States v. Hay, is currently on appeal in the Tenth … Continued
The Supreme Court has declined to address whether Section 230 of the Communications Decency Act, a law that encourages tech companies to moderate content on their platforms, immunizes companies like Google and Twitter from lawsuits alleging that their recommendation algorithms promoted terrorist activity. In a pair of decisions released today—Gonzalez v. Google and Twitter v. Taamneh.
EPIC has joined a coalition of consumer groups, lead by Public Citizen, in urging the U.S. Supreme Court to reject the latest legal attack on the Consumer Financial Protection Bureau. In the case, payday loan companies hoping to invalidate a CFPB regulation argue that the method Congress chose to appropriate funds to the CFPB violates … Continued
On May 8, EPIC, NCLC, and nine other consumer advocacy groups submitted comments to the Federal Communications Commission in its continuing rulemaking to eliminate robotexts. This rulemaking comes as a follow-up to the Commission’s earlier proposed rule to automatically block texts from numbers unlikely to originate legitimate traffic. The coalition of consumer advocates highlighted the … Continued
On May 11, the Federal Communications Commission cut off a gateway provider from other networks for failing to comply with the FCC’s call blocking rules and failing to respond the Enforcement Bureau’s Notification of Suspected Illegal Traffic and Initial Determination Order. This is the first time the FCC has exercised this authority. A phone call … Continued
uropean Parliament held a series of meetings, resulting in adopting both the text of the AI Act and a resolution outlining risks and proposals for change in the currently-proposed EU-U.S. Data Privacy Framework.
This is the second in a series of blog posts about EPIC’s proposal for a data minimization standard to limit commercial surveillance and protect consumer privacy.
ts on the personal data practices of Meta (previously Facebook), including a ban on monetizing the data of children and restrictions on the company’s use of facial recognition technology.
On Friday, EPIC lead a coalition including Reset Tech, Facebook whistleblower Frances Haugen, and former government officials in filing an amicus brief defending California’s new Age-Appropriate Design Code against a challenge from tech giant advocacy group NetChoice.
On April 28, the Office of the Director of National Intelligence (ODNI) released its Annual Statistical Transparency Report Regarding the Intelligence Community’s Use of National Security Surveillance Authorities, which shows a steady increase in targeting under Section 702 of the Foreign Intelligence Surveillance Act (FISA)—up to nearly 250,000 in 2022—and continued noncompliance with Congressional safeguards.
Existing sectoral federal laws leave most of Americans’ personal data exposed. We need comprehensive data protection legislation, robust enforcement, and ample resources to ensure privacy, equality, and security in our online world.
Last week, EPIC filed an amicus brief in Sequiera v. Department of Homeland Security, et al., in which targets of a mass surveillance program that collected the money transfer records of millions of people are suing the money transfer companies and federal agencies for illegally sharing their financial records. EPIC’s brief pushed back against the … Continued
The heads of the Federal Trade Commission, the Consumer Financial Protection Bureau, the Department of Justice Civil Rights Division, and the Equal Employment Opportunity Commission released a joint statement on enforcement efforts against discrimination and bias in automated systems. “Existing legal authorities apply to the use of automated systems and innovative new technologies just as … Continued
ICE finally published a Privacy Impact Assessment for its massive Alternatives to Detention program surveilling immigrants waiting for court dates. Despite being 20 years late, the document fails to account for most of the harms of ICE surveillance and is already outdated.
The Washington State Legislature finalized passage Monday of the My Health My Data Act (MHMDA), the first state-level health data bill of its kind in the U.S. The bill now heads to Governor Jay Inslee’s desk for his signature to become law.
EPIC and a coalition of civil rights, civil liberties, privacy, and community-based organizations have requestedthat the New York City Council hold a hearing on NYPD’s noncompliance with the POST Act.
In comments to the National Institute of Standards and Technology (NIST), EPIC and the ACLU urged the standards-setting agency to update their draft guidelines to further reduce collection of biometric information and Social Security Numbers, evaluate the potential of W3C Verifiable Credentials, limit use of potentially harmful fraud prevention tools, and take stronger steps to … Continued
In comments submitted to the Administrative Conference of the United States regarding Identifying and Reducing Administrative Burdens, EPIC recommended the agency consider how automated decision making systems are often adopted to reduce barriers on their face, but ends up inflicting additional harms. These harms are the privacy of benefit recipients when data-hungry systems are adopted, … Continued
On April 12, EPIC, the National Network to End Domestic Violence (NNEDV), and more than 10 other survivor advocacy and direct service organizations filed comments to the Federal Communications Commission regarding its implementation of the requirements of the Safe Connections Act of 2022. The rulemaking seeks to help survivors of domestic violence separate their phone … Continued
In comments to the Federal Trade Commission, EPIC commended the FTC for taking enforcement action against online counseling company BetterHelp for unfair and deceptive trade practices involving health data.
The Measure Function of the A.I. Risk Management Framework urges companies to build and deploy carefully, centering human experience and a myriad of impact points including environmental and impact on civil liberties and rights. Particularly, it calls for regular testing on validity, reliability, transparency, accountability, safety, security, and fairness.
Winters, senior counsel at the Electronic Privacy Information Center, said it’s crucial for AI to be transparent, because there have been instances of people not understanding AI systems, which have led to “power imbalances” and “rampant discrimination.” “We’ve seen where there [have] been faulty predictions for a kidney transplant, which [means] — Black people will … Continued
Not surprisingly, consumer advocates stand in significant opposition to a harm trigger. For example, the Electronic Privacy Information Center (EPIC) told the FCC, “Establishing harm as a threshold issue can result in legal ambiguity and underreporting. Additionally, it can result in delayed reporting as it may take time to assess whether the minimum threshold for … Continued
Efforts are being made to make drones easier to track and link to individuals, but the rules on drone operation are vague and difficult to enforce. Organizations like Safe Horizon and the Electronic Privacy Information Center offer resources for victims of harassment, abuse, and stalking, including technology-driven forms. Read the full article here.
On March 30, EPIC submitted comments to the White House Office of Science and Technology Policy (OSTP) recommending several resources that might assist OSTP in fulfilling the aims of the “Advancing Effective, Accountable Policing and Criminal Justice Practices to Enhance Public Trust and Public Safety” Executive Order.
The Map Function of the A.I. Risk Management Framework urges companies to document every step of the A.I. development lifecycle, from identifying use cases, benefits, and risks to building interdisciplinary teams and testing methods. However, it goes further: the A.I. Risk Management Framework also pushes companies to consider the broader contexts and impacts of their A.I. systems—and resolve conflicts that may arise between different documented methods, uses, and impacts. Notably, the Map Function recommends (1) pursuing non-A.I. and non-technological solutions when they are more trustworthy than an A.I. system would be and (2) decommissioning or stopping deployment of A.I. systems when they exceed an organization’s maximum risk tolerance. The Map Function also includes recommendations for instituting and clearly documenting procedures for engaging with internal and external stakeholders for feedback.
Even with the caveat that sharing location data is unavoidable in some instances, it’s important to be cautious. Providing apps or sites blanket access is never a good idea. “If you wind up needing location services, then you’ll figure that out after using the app, but maybe the best strategy is to just tell everybody … Continued
Finally, there are limitations and risks. GPT-4 sometimes makes up very convincing but incorrect text, and it will misuse source material. One time, Arrodondo says, GPT-4 had him doubting the facts of a case he had worked on himself. “I said to it, You’re wrong. I argued this case. And the AI said, You can … Continued
And FAST isn’t the only vendor of these systems. For several years, the nonprofit Electronic Privacy Information Center (EPIC) has been tracking the spread of technologies from Pondera Solutions, which sells its “Fraudcaster” algorithm to cities and states. Thomson Reuters acquired Pondera in 2020. Like the reporters at Lighthouse, those covering MiDAS in Michigan, and … Continued
Yesterday, the Italian Data Protection Authority (DPA) issued an order under the GDPR requiring OpenAI to immediately stop processing local user data, effectively blocking ChatGPT until OpenAI complies with European data protection laws. The DPA’s order comes at a time of increased scrutiny over ChatGPT and similar generative A.I. models.
New regulations implementing the California Consumer Privacy Act have officially gone into effect following approval by the state’s Office of Administrative Law.