You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

In re Verizon

Concerning the Changes in Verizon's Data Practices

Top News

  • Ninth Circuit Sends NSA Surveillance Case Back to Lower Court: A Federal Appeals court has remanded a case challenging the NSA's bulk collection of telephone records. In Smith v. Obama, the Ninth Circuit Court of Appeals instructed the lower court to consider the impact of the USA Freedom Act, which ended the bulk data collection program. EPIC, joined by thirty-three technical experts and legal scholars, filed an amicus brief in the case, arguing that modern communications systems are "entirely unlike the telephone network of the 1970s" and that a 1977 case concerning "pen registers" no longer applied. EPIC also challenged the NSA bulk collection program in a petition to the Supreme Court. (Mar. 24, 2016)
  • FCC Reaches Settlement with Verizon over Hidden "Super Cookies": The Federal Communications Commission reached a settlement with Verizon Wireless for its practice of placing hidden, undeletable "super cookies" on customers' smartphones without their knowledge or consent. The settlement requires Verizon to notify its customers of its targeted advertising practices and to obtain opt-in consent before sharing consumer data with third parties. Verizon must also pay a $1.35 million fine. EPIC has recently urged the FCC to undertake a broad rulemaking on communications privacy issues facing consumers, including the invasive and ubiquitous tracking practices of ISPs. EPIC has also urged the Federal Trade Commission to limit the use of persistent identifiers. (Mar. 10, 2016)
  • Federal Appeals Court Strikes Down NSA Bulk Record Collection Program: The Second Circuit Court of Appeals ruled today that the NSA's telephone record collection program exceeds legal authority. The government claimed that it could collect all records under the Section 215 "relevance" standard. But the court rejected that argument and held that "such an expansive concept of 'relevance' is unprecedented and unwarranted." The conclusion mirrors the argument EPIC, and a coalition of technical expert, legal scholars, and former members of the Church Committee made in Petition to the Supreme Court in 2013. EPIC explained in its petition, "It is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation." The Second Circuit found that Section 215 does not "authorize anything approaching the breadth of the sweeping surveillance at issue here." (May. 7, 2015)
  • Deadline Approaches for End of NSA's Telephone Record Collection Program: March 28 marks the deadline set by President Obama to end the NSA's bulk collection of American's telephone records. Last week, Attorney General Eric Holder confirmed that the Justice Department is ready to meet the deadline that the President has set. After extensive meetings with leaders of the Intelligence Community, both the President's Review Group and the Privacy and Civil Liberties Oversight Board found the program was ineffective and likely exceeded current legal authority. Senator Leahy, who held extensive public hearings, has stated "This program is not effective. It has to end." EPIC, supported by dozens of legal scholars and former members of the Church Committee, petitioned the US Supreme Court in July 2013 to end the "215" program. For more information, see In re EPIC and EPIC: NSA Verizon Phone Record Monitoring. (Mar. 24, 2014)
  • Senate Hears from Privacy Oversight Board, NSA "Metadata" Program is Ineffective: At a Senate Judiciary Committee hearing today, members of the Privacy and Civil Liberties Oversight Board discussed their review of the Section 215 program, concerning the collection of telephone records on US telephone customers. The Privacy Civil Liberties Board 238 page report found that the program was not effective and had not prevented any terrorist incidents. Recent reports also indicate that only 30% of phone records are actually collected, calling into question the value of the "metadata" program. Senate Judiciary Chairman Patrick Leahy stated that "the administration has not demonstrated" that the program "is uniquely valuable to justify the massive intrusion upon American's privacy." The President recently announced that the current bulk collection program would end and announced a transition process, requiring judicial approval of queries, prior to the expiration of the current authority on March 28. For more information, see EPIC: NSA Verizon Phone Record Monitoring. (Feb. 12, 2014)
  • New Limits on NSA Telephone Record Program Established, Authority Expires March 28: The Foreign Intelligence Surveillance Court has granted the government’s motion to limit access by the NSA to the bulk telephone records provided by US telephone companies. Under the new rules, the government cannot "query" the telephone metadata until after the court finds that there is a "reasonable, articulable suspicion that the selection term is associated with" a terrorist organization. The new rules also limit query results to telephone numbers within "two hops" of the selector. President Obama announced the new legal requirement during his recent speech on surveillance reform, when he committed to end the NSA’s bulk record collection program. The NSA's authority to force US telephone companies to turn over records on all their customers will expire on March 28th. The President has recommended that the Intelligence Community and the Attorney General propose an alternative to the bulk collection program prior to that deadline. For more information, see EPIC: FISC and EPIC: NSA Verizon Phone Record Monitoring. (Feb. 7, 2014)
  • NY Judge Rules NSA Program Legal, Split Emerges Among Courts: A federal judge in New York has ruled that the NSA's telephone metadata program is legal. The ruling comes less than two weeks after a federal judge in Washington, DC issued an injunction against the telephone record collection program—calling it an "unreasonable search under the Fourth Amendment." The opinions create a split amongst the district courts as to the legality of the NSA's program. Both opinions are expected to be appealed. The President's Review Group recently released its report recommending the end of the NSA's bulk collection of telephony metadata. EPIC filed a Petition in the U.S. Supreme Court challenging the legality of the program, shortly after the disclosure earlier this summer. For more information, see In re EPIC and EPIC: FISC Verizon Order. (Dec. 30, 2013)
  • Federal Judge Enjoins Telephone Metadata Program, NSA Likely Violated Fourth Amendment: A federal judge today issued an injunction against the NSA telephone record collection program. Judge Leon ruled that the plaintiffs "have a substantial likelihood of showing that their privacy interest outweigh the Governments interest in collecting and analyzing bulk telephony metadata and therefore the NSA's Bulk Metadata program is indeed an unreasonable search under the Fourth Amendment." Judge Leon also stressed that "While Congress has great latitude to create statutory schemes like FISA, it may not hang a cloak of secrecy over the Constitution." This is the first court opinion issued on the controversial surveillance program. EPIC filed a Petition in the U.S. Supreme Court challenging the legality of the the program, shortly after the disclosure earlier this summer. The decision of the district court will be stayed pending an appeal by the government to the DC Circuit Court of Appeals. For more information, see In re EPIC and EPIC: FISC Verizon Order. (Dec. 16, 2013)
  • Privacy International Files Complaint Against NSA, GCHQ Surveillance Programs: Privacy International, a leading privacy organization based in London, filed a legal complaint today with a UK tribunal about the recently disclosed surveillance programs. Privacy International asserts that the NSA and its United Kingdom counterpart, GCHQ, have been conducting dragnet surveillance of American and British citizens, without any public accountability. PI also charges that by accessing the NSA's information pool, the British government is acting outside the rule of law. EPIC today filed a petition in the US Supreme Court, alleging that the Foreign Intelligence Surveillance Court exceeded its legal authority when it issued the order to Verizon to turn over all of the phone records of its customers. For more information, see EPIC: NSA Petition and EPIC: NSA - Verizon Phone Record Monitoring. (Jul. 8, 2013)
  • EPIC Seeks Legal Justification for NSA Domestic Surveillance Program: EPIC has filed a Freedom of Information Act request with the Department of Justice, seeking the agency's justification for the NSA domestic surveillance program. The Department of Justice authorized a request for "all call detail records or 'telephony metadata' created by Verizon for communications . . . (ii) wholly within the United States, including local telephone calls." By statute, the scope of the Foreign Intelligence Surveillance Court is limited to investigations concerning the collection of foreign intelligence. The Department of Justice and the President have been acknowledged that the Department conveyed information about the program to Congress. EPIC has asked Congress to determine whether the special court exceeded its authority when it compelled Verizon to turn over the records of millions of telephone customers. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Clapper v. Amnesty Int'l, and EPIC: USA Patriot Act. (Jun. 7, 2013)

Background

Verizon

Cellco Partnership is a Delaware partnership doing business as “Verizon Wireless.” Verizon Wireless is a voice and data services company headquartered in Basking Ridge, NJ. The company was formed in 2000 as the result of a joint venture between Verizon, Inc. and Vodafone Group, Plc. (“Vodafone”). Verizon, Inc. owns a 55 percent interest in Verizon Wireless, and Vodafone owns the remaining 45 percent.

Change in Data Practices

Prior to October 14, 2011, Verizon Wireless assured consumers that it would not collect or disclose personal information concerning customers’ location data, web addresses and search terms, demographic information, and mobile device usage. The company’s Customer Agreement stated that “[Verizon Wireless] may collect personal information about you,” but did not notify consumers that the company collected customers’ location data, web addresses and search terms, demographic information, and mobile device usage. As such, the Verizon notice failed to provide the consumer any useful information on which the consumer could meaningfully assess the company’s practices. The company’s Privacy Policy did not mention the disclosure of web addresses and location data to third parties for business and marketing purposes. In fact, Verizon Wireless’s Privacy Policy assured consumers that the company did not collect data concerning consumers’ web usage, stating, “Verizon does not gather information from your use of our broadband access services to determine your Web surfing activities across non-Verizon sites for the purpose of providing you with interest-based advertisements. If Verizon engages in this type of online behavioral advertising, we will provide you with clear and meaningful notice of our practice and obtain your affirmative consent.”

On October 14, 2011, Verizon Wireless announced that the company had changed its practices concerning collection and disclosure of users’ personal information. The company stated that it had started collecting its customers’ location data, web addresses and search terms, demographic information, and mobile device usage. Verizon also stated that it had started disclosing this personal information to third-parties, ostensibly for marketing purposes.

Personal information collected and used by Verizon included mobile usage information and consumer information. Mobile usage information included: (1) the URLs of websites that a user visits, including search terms entered; (2) geolocation information; and (3) “[a]pp and device feature usage.” Consumer information included: (1) the type of device, amount of usage, and type data plan that a consumer uses; and (2) demographic information, such as age, gender, and interests.

The new policy also detailed the ways in which this newly-collected personal information was used by Verizon Wireless and third-party companies, including (1) creating business and marketing reports that were used by Verizon Wireless or disclosed to others; (2) allowing other businesses to use geolocation information to create business and marketing reports; and (3) allowing advertisers to use demographic information to target ads.

EPIC's FTC Complaint

EPIC's FTC complaint explained that Verizon's change in data practices was unfair and deceptive under Section 5 of the FTC Act. EPIC said that Verizon's statement that it would provide consumers with “clear and meaningful notice of our practice and obtain [consumers’] affirmative consent” before collecting or disclosing web-browsing information, including internet search terms was deceptive. The company now requires consumers to opt out of the companies’ collection and disclosure of users’ location data, web browsing histories, internet search terms, demographic information, and mobile device usage information. Requiring consumers to opt out is not equivalent to obtaining their affirmative consent

Furthermore, EPIC explained, Verizon assured consumers that the company “will not [disclose] any information that identifies [the user] personally.” But the information that Verizon Wireless collected and disclosed, including geolocation and web address information, is personally identifiable. Thus, Verizon Wireless’ policy is likely to mislead consumers.

FTC Authority to Act

The FTC's primary enforcement authority with regards to privacy is derived from 15 U.S.C. ยง 45, commonly known as section 5 of the Federal Trade Commission Act (FTCA). Section 5 of the FTCA allows the FTC to investigate "unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce." This law provides a legal basis for the FTC to regulate business activities that threaten consumer privacy.

Legal Documents

News Stories and Blog Items

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security