You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Privacy Issues

The Electronic Privacy Information Center (EPIC) focuses public attention on emerging civil liberties, privacy, First Amendment issues and works to promote the Public Voice in decisions concerning the future of the Internet. Below is a comprehensive list of our work.

Hot Topics and New Resources

Privacy by Topic: The A to Z's of Privacy

  • Air Travel Privacy. Materials on passenger profiling and other related proposals being proposed by the White House. For developments in the European Union, see EPIC's page on EU-US Passenger Data Disclosure.
  • Algorithmic Transparency
  • Anonymity. Materials on the right to associate, receive information, and communicate anonymously.
  • AskEraser. Information on Ask.com's "AskEraser" search engine product, which has been criticized by privacy groups for reducing user privacy and failing to function as advertised.
  • Attorney General's Guidelines. Information about the ability of the FBI to investigate Americans.
  • Automated Targeting System. Information about the Automated Targeting System, which creates secret, terrorist "risk assessments" on tens of millions of U.S. citizens and foreign visitors.
  • Automobile Event Data Recorders (Black Boxes) and Privacy.
  • Backscatter. Plans were announced by the Transportation Security Administration to propose the trial use of backscatter x-ray for passenger screening at several U.S. airports.
  • Big Data
  • Biometrics. Information about biometric technologies and privacy implications.
  • Body Scanners.
  • Caller ID. Includes FCC rules, court cases and international materials.
  • CCTV.
  • Census. EPIC's guide to the risks of the census, including re-identification, and the Census Bureau's plans to include a Social Security Number requirement on the census form.
  • Children's Privacy. EPIC's page devoted to kids' privacy issues and the Children's Online Privacy Protection Act (COPPA) of 1998. Also see EPIC's page on Radio Frequency Identification tags (RFID) and children.
  • ChoicePoint, Inc. ChoicePoint is a "commercial data broker," a company that sells personal information for direct marketing, insurance, and to law enforcement agencies. ChoicePoint stores troves of personal information that the private and public sectors can access through any Internet-connected computer.
  • Clear ID.
  • Cloud Computing Internet users are being offered a range of remote computing services, which may not provide adequate protections for customers.
  • Consumer Privacy Bill of Rights
  • Consumer Profiling.
  • Cookies. What *are* those nasty little things, and who's been putting them on your hard drive? Check our cookies page for a list of good resources.
  • COPPA. Children's Online Privacy Protection Act
  • Counter-terrorism. Congressional proposals to increase wiretapping, revise government guidelines on investigating domestic political groups and obtain easier access to credit reports and transactional information.
  • CPNI. Customer Proprietary Network Information (CPNI) and the history of the opt-in/opt-out debate surrounding the use and collection of customer data by telephone companies.
  • Credit Scoring. Information about credit scores, a number used by lenders to determine whether to issue credit. Credit scores are being used in an increasing number of circumstances to evaluate individuals.
  • Cryptography Policy. Information on the Clipper Chip, Key Escrow and other pending issues related to cryptography policy.
  • Cybersecurity.
  • Data Retention. Information about various data retention proposals in the European Union (EU). Some resources are available in French and Spanish.
  • Deep Packet Inspection. Deep Packet Inspection ("DPI") is a computer network packet filtering technique that involves the inspection of the contents of packets as they are transmitted across the network. The practice is controversial, and has been criticized by privacy and network neutrality advocates.
  • DHS Privacy Office.
  • Digital Rights Management (DRM). The technologies used to secure digital files will enable profiling of consumers and prevent anonymous consumption of content.
  • Diplomatic Communications. The privacy norms protecting the communications of diplomats from interception.
  • Direct Marketing and Junk Mail. Information on Avrahami case and other attempts to protect personal information and stem the flow of junk mail.
  • DNS Security Extensions (DNSSEC) The Domain Name System (DNS) is a distributed hierarchical system used by servers that use the Internet Protocol (IP)to convert IP addresses (such as 85.135.343.120) into names and vice versa.
  • DOD Recruiting Database In May 2005, the Department of Defense (DOD) announced that it was going to create a massive database for recruiting. The DOD's "Joint Advertising and Market Research" system proposed to combine student information, Social Security Numbers (SSN), and information from state motor vehicle repositories into a mega database housed at a private direct marketing firm.
  • Domestic Violence. Information on EPIC's domestic violence and privacy project.
  • Doubletrouble. Information on DoubleClick Inc., and the company's acquisition of Abacus Direct.
  • Donor Privacy
  • Driving Records. The Driver's Privacy Protection Act (DPPA) sets out a framework for protecting DMV records.
  • Drones and UAVs
  • Echometrix.
  • Electronic Communications Privacy Act (ECPA)
  • ENUM."Electronic Numbering" is a system that allows a user to obtain contact information, such as a telephone, fax, and e-mail address with a single phone number.
  • EPIC Administrative Procedure Act Comments
  • E-Verify (Employment Verification by the Department of Homeland Security)
  • EU Data Protection Directive.
  • EU-US Passenger Data Disclosure. Information on air travel data disclosure developments between the European Union and the United States.
  • Expungement. Information about sealing or deleting criminal records.
  • Facebook. Facebook was started by Mark Zuckerberg as a social networking site for Harvard undergraduates in 2004. Facebook then expanded to other colleges and universities.
  • Face Recognition. Information and resources on facial recognition technology.
  • Fair Credit Reporting Act. Information and resources on protecting your credit report.
  • FAST Project.
  • FBI Watchlist.
  • FCC Data Retention Mandate.
  • Federal Trade Commission. Consumer protector or industry lapdog? What the FTC has done (or not done) on protecting privacy on the net and with credit reports.
  • Financial Privacy. Our financial privacy resources include in-depth discussions of the Fair Credit Reporting Act (law enforcement access and commercial privacy involving credit reporting agencies), the Gramm-Leach-Bliley Act (commercial privacy involving financial services), and the Right to Financial Privacy Act (law enforcement access to financial services records).
  • Firearms Privacy. This page discusses the privacy protections that have been created for gun owners. It derives from a paper written by University of Pennsylvania Law Student Eva Gutierrez.
  • FISA. The Foreign Intelligence Surveillance Act.
  • Former Secrets. Sample of documents released under FOIA.
  • Fusion Centers. ''Fusion centers'' are a means of bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. The term fusion centers was first coined by the Department of Defense (DOD) and refers to the fusing of information for analysis purposes. On November 9, 2002, the New York Times disclosed a massive DOD fusion center project managed by the Defense Advanced Research Project Agency (DARPA) known as Total Information Awareness (TIA). DARPA was developing a tracking system intended to attempt to detect terrorists through analyzing troves of information.
  • Gender. Information on privacy-invasive behaviors that tend to be targeted at women, including cyberstalking, pretexting, and video voyeurism.
  • Genetic Privacy. Information on uses of genetic information and their privacy implications.
  • Global Entry
  • Google Purchase Tracking
  • Google Street View.
  • Gramm-Leach-Bliley Act. Information on a 1999 federal law that establishes some protections against pretexting and limitations on data sharing for banks, insurance, and brokerage companies.
  • H1N1 and Privacy.
  • Homeless Management Information Systems and Domestic Violence. The Homeless Management Information Systems are software applications that records, store and track characteristics and service needs of homeless individuals. The department of Housing and Urban Development (HUD) sets standards for this software, and it is supplied by vendors.
  • Identity Theft.
  • Identity Theft and Domestic Abuse. Generally, identity theft is the appropriation of another's personal information in order to commit fraud, or impersonate another person. There are a few basic types of identity theft, but they all share the same properties: Three parties parties are involved, and somehow one of the parties has gotten the personal information of the other.
  • Illegal Sale of Phone Records. Online data brokers and other companies openly advertise on the Internet that they can obtain others' phone records. For about $100, these companies will obtain all the calls made and initiated from a wireless phone, or toll calls from wireline phones. This is a dangerous and illegal practice. This information can be used by jealous spouses, stalkers, business competitors, political opponents, and others to learn about others' whereabouts and conversations.
  • International Privacy. Information on international privacy laws and standards, including the recently enacted EU Data Protection Directive and proposals for Canada and the US. Also see the Privacy International Home Page
  • Internet of Things
  • iPhone Privacy.
  • Lisbon Treaty and Privacy.
  • Location Privacy. People, Not Places, A Policy Framework for Analyzing Location Privacy Issues, by James C. White, gives a detailed overview of location privacy issues and provides a framework for approaching the issues in a coherent fashion.
  • LSSI. Information on the 2002 Spanish law on e-commerce. Many resources and articles are available in Spanish.
  • Medical Records. Information on current problems and pending legislation.
  • Microsoft Palladium. Information about Microsoft's plans to embed Digital Rights Management into hardware and software.
  • Microsoft Passport. Information about Microsoft's Passport, Hailstorm, and .NET systems. Also see the Project Liberty Page.
  • Microsoft Passport Investigation Docket Page. Information about Federal Trade Commission and European Commission investigations of Microsoft Passport.
  • Nanotechnology. Information on the privacy implications of nanotechnology, structures, devices and systems that have novel properties and functions because of their small size.
  • National ID Cards and REAL ID Act. Information about national ID cards and the REAL ID Act of 2005, a national identification system structured by the Department of Homeland Security.
  • National Security Letter. National Security Letters (NSLs) are an extraordinary search procedure which gives the FBI the power to compel the disclosure of customer records held by banks, telephone companies, Internet Service Providers, and others.
  • NCIC (National Crime Information Center). Information and action items on the largest criminal justice database in the United States.
  • Net Neutrality
  • Next Generation Identification
  • NSTIC.
  • Olympics Privacy. Information on the 2008 Olympic Games in China and the surveillance questions surrounding the Games.
  • Open Government.
  • Ostergren v. McDonnell.
  • Oversight. EPIC is calling on the Chief Privacy Officer of the Department of Homeland Security to release its overdue annual report to Congress.
  • PASS ID. Information on PASS ID legislation and REAL ID, which are both plans to establish a National ID system.
  • Passenger Profiling. Information about the privacy and security problems with government traveler profiling programs.
  • PATRIOT Act. Information on the USA PATRIOT Act, a law passed shortly after September 11, 2001 with sweeping implications for privacy.
  • Personal Data Protection. How personal information about you is stored, transferred and used.
  • Personal Privacy in an Information Society, Report of the Privacy Protection Study Commission, July 1977. This 1977 report was conducted pursuant to the Privacy Act of 1974. This version of the report was scanned by the Department of Health and Human Services, and is mirrored on the EPIC server.
  • Personal Surveillance.
  • Polygraph Testing. Information about the use of polygraphs or "lie detectors." This page presents a brief history of the polygraph, and the Employee Privacy Protection Act.
  • Postal Service Privacy. Information about privacy in U.S. Mail. Issues include "intelligent mail," search and seizure of the mails, and the problem of the Postal Service subsidizing junk mail companies.
  • Poverty and Privacy. An overview of welfare surveillance and new programs designed to track the homeless.
  • Preemption. Preemption is a restriction on state or local authority to pass laws or to enforce laws. In the privacy realm, preemption can prevent states from creating new solutions to privacy problems. This page explains preemption and why preempting state authority is a bad policy decision for individuals' rights.
  • The Privacy Act of 1974. The "Privacy Act" is the principal law protecting citizens' data from government use and misuse. The Privacy Act establishes "fair information practices" for personal information, restricts collection and use of personal information, and allows individuals to bring suit against the government for violations.
  • Privacy Protection Act of 1980. This page details the history and provisions of the Privacy Protection Act, a law that provides some protections for media organizations that are the target of government searches.
  • Privacy Report Held Hostage.
  • Privileges. This page discusses several privileges that protect privacy in the courtroom.
  • Profiling. How an entire industry dedicated to building dossiers on humans collects and exploits personal information from sources such as product warranty cards, product return forms, calls to customer service departments, surveys, and sweepstakes.
  • Project Liberty. A developing identification and authentication system that is similar to Microsoft Passport.
  • Privacy? Proposed Google/DoubleClick Deal. Information on the consumer privacy interests involved in proposed $3.1B merger of Google, the Internet's largest search profiling company, and DoubleClick, the Internet's largest targeted advertising company.
  • Privacy Shield
  • Protester Privacy.  Information on surveillance and disruption of peaceable protest by the American government as a part of the "War on Terrorism."
  • Public Opinion. What the American public thinks about privacy.
  • Public Records and Privacy. Public records are being used by profiling companies to build dossiers on citizens. These dossiers are often sold to law enforcement agencies.
  • REAL ID and Domestic Violence. REAL ID creates minimum standards for driver's licenses that states must implement by May 11, 2008. These standards effectively create a national ID with serious implications for domestic violence survivors.
  • Radio Frequency Identification (RFID). Information on how RFID systems can be used to track individuals (including children) and invade privacy. Also see Accommodating RFID Technology and Expectations of Privacy: An Examination and Proposed Guidelines, a white paper authored by University of Washington student Greg Plichta, and the EPIC Verichip page.
  • Right to be Forgotten
  • Right to Financial Privacy Act. Information about law enforcement access to bank records and the Right to Financial Privacy Act.
  • Safe Harbor (Schrems case)
  • Search Engine Privacy
  • Secure Communities
  • Secure Flight. Information about the passenger prescreening program Secure Flight, which EPIC deems fundamentally flawed. The core of the program rests on watchlists so full of errors that the Department of Justice's Inspector General has suggested that there is "a deficiency in the integrity of watchlist information."
  • Shine the Light Law. California's S.B. 27, the "Shine the Light" law, empowers California consumers by requiring businesses to disclose how they sell personal information or requiring them to allow consumers to opt out.
  • Smart Grid.
  • Social Networks. Social networking Web sites, such as MySpace, Facebook, and Friendster have become established forums for keeping in contact with old acquaintances and meeting new ones.
  • Social Security Numbers. Information on how to protect your SSN, the text of the 1974 Privacy Act and various court cases on disclosure.
  • SPAM -- Unsolicited E-Mail. Resources on SPAM and pending proposals to curb it.
  • Student and School Records Privacy. Resources on the Federal Educational Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), drug testing and school searches.
  • Surveillance.
  • Telemarketing. Information about telemarketing, federal and state attempts to restrict telemarketing, and what you can do to end annoying sales calls to your home.
  • Suspicious Activity Reporting
  • Ten Consumer Privacy Resolutions.
  • Theme Parks and Privacy. Information about the adoption of fingerprint scans by theme parks to monitor the use of passes held by guest as young as 10 years of age to enter and exit their facilities.
  • Uber Privacy Policy. Information about EPIC's complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details is an unlawful and deceptive trade practice.
  • United States Visitor and Immigrant Status Indicator Technology (US-VISIT). Information about US-VISIT, an integrated government-wide program intended to improve the nation's capability to collect information about foreign nationals who travel to the United States, as well as control the pre-entry, entry, status, and exit of these travelers.
  • Verichip. Verichip is a RFID tag that can be inserted under the skin for identification purposes. (October 2004)
  • Veterans Affairs Data Theft. Information about the 2006 information security breach by a Veterans Affairs employee resulted in the theft from his Maryland home of unencrypted data affecting 26.5 million veterans and current service members and their families.
  • Video Rental Records. Information on the Video Privacy Protection Act.
  • VAWA and Privacy. Privacy affecting provisions of the Violence Against Women Act.
  • Voter Photo ID.
  • Voter Registration.
  • Voting. Information about the new electronic voting machines and the threat they present to the integrity and privacy of U.S. elections.
  • WHOIS. Information on privacy issues surrounding domain name registration information.
  • Wiretapping and Electronic Surveillance. Updates on the digital telephony law, statistics, and other material on electronic surveillance.
  • Workplace Privacy. Workers of the world are exposed to numerous forms of surveillance while earning a living. This page contains updates on workplace privacy law, a summary of developments in the field, and resources for employees and employers.
Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security