December 2011 Archives

December 1, 2011

"Privacy in Perspective: Implications of Government Surveillance on Human Rights and Civil Liberties"

Lillie Coney,
EPIC Associate Director

Rights Working Group
San Francisco, CA
December 1-2, 2011

December 8, 2011

Face Facts: A Forum on Facial Recognition Technology

John Verdi,
EPIC Senior Counsel

Federal Trade Commission
Washington, D.C.
December 8, 2011

December 5, 2011

Workshop on Governance of Technology, Information, and Policies (GTIP)

Lillie Coney,
EPIC Associate Director

27th Annual Computer Security Conference
Orlando, Florida
December 5-9, 2011

December 1, 2011

Supreme Court Hears Arguments in Privacy Act Damages Case

The US Supreme Court heard arguments on Wednesday in FAA v. Cooper. At issue is whether "actual damages" recoverable for "willful and intentional" violations of the Privacy Act include mental and emotional damages. A federal appeals court held that Congress "unambiguously" intended to allow recovery of such non-pecuniary damages when it drafted the Privacy Act. The Government argued that the term "actual damages" is ambiguous, and that the Court should adopt a narrower interpretation in light of the Privacy Act's waiver of sovereign immunity. EPIC filed a brief in support of respondent Cooper and argued that proper enforcement of the Privacy Act requires recovery of a broad range of provable damages, including mental and emotional distress, which are the common and expected injuries resulting from privacy violations. For more information, see EPIC: FAA v. Cooper.

Senator Franken Asks Carrier IQ to Explain Data Collection Activities

Senator Al Franken (D-Minn) has sent a letter to Carrier IQ about reports that it has been collecting sensitive consumer information from millions of smartphone users. The data includes text message content, websites visited, user locations, and detailed call records. This may be an "unlawful intercept" under the Electronic Communications Privacy Act of 1986 (ECPA). EPIC recently asked the FTC to investigate similar practices involving Verizon. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy.

PBS Special Highlights Risks of Airport Body Scanners

A PBS Newshour special highlights the radiation risks and security flaws of airport body scanners. The program follows EPIC's Freedom of Information Act lawsuits against the Department of Homeland Security. EPIC's suits forced disclosure of documents detailing the health risks and privacy hazards posed by the scanners as well as the proposed use of the scanners on public streets and in train stations. EPIC also sued the agency, asking the DC Circuit Court of Appeals to suspend the airport body scanner program. The court ruled that the TSA violated federal law when it installed body scanners in airports for primary screening across the country without first soliciting public comment. The European Union recently adopted strict guidelines that effectively prohibit the use of backscatter x-ray body scanners. For more, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

December 5, 2011

EPIC Asks Court to Require Release of Documents About Body Scanner Radiation Risks

EPIC has filed a reply motion in EPIC v. DHS, No. 1:11-cv-01991-ABJ, a Freedom of Information Act lawsuit for information, held by the DHS, about the radiation risks of airport body scanners. EPIC is asking the court to force the agency to disclose documents about radiation testing results, agency fact sheets on radiation risks, and an image produced by the machines. A recent report from ProPublica states that the "U.S. Government Glossed Over Cancer Concerns As It Rolled Out Airport X-Ray," and the European Union recently prohibited the use of "back-scatter x-ray" devices in EU airports. EPIC has already obtained hundreds of pages of documents discussing the risks of radiation exposure. For more information, see EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks.

EU and US Groups Object to EU-US Passenger Data Agreement

Over 20 organizations in the EU and the US have sent an open letter to the European Parliament, opposing a new agreement that would allow European companies to transfer the personal data of European travelers to the United States government in apparent violation of the EU Data Protection Directive. The European Court of Justice struck down the original Passenger Name Record (PNR) agreement in 2006 after members of the European Parliament charged that there was no legal basis to disclose the data to the US. The revised agreement is still subject to approval by the Parliament, which has also gained new legal powers since the earlier dispute. For more information, see EPIC: EU-US Airline Passenger Data Disclosure, EPIC: Air Travel Privacy, EPIC: Passenger Profiling.

Senate Adopts Leahy's Open Government Amendment

The Senate has unanimously adopted an amendment authored by Senator Patrick Leahy (D-VT) to the National Defense Authorization Act. Senator Leahy's amendment will limit an overbroad legislative exemption to the Freedom of Information Act. The amendment requires the Secretary of Defense to consider whether the disclosure of critical infrastructure information would reveal vulnerabilities that would result in harm to government property or facilities, and whether the public interest in the disclosure of this information outweighs the government’s need to withhold the information. The Senate will vote on final passage of the National Defense Authorization Act later this evening. For more information, see EPIC: Open Government.

Department of Education Issues Unlawful Regulations that Harm Student Privacy

The Department of Education has released final regulations concerning the Family Educational Rights and Privacy Act (FERPA). These regulations exceed the agency's legal authority and expose students to new privacy risks. The new rules permit educational institutions to release student records to non-governmental agencies without first obtaining parents' written consent. The new rules also broaden the permissible purposes for which third parties can access students' records without first notifying parents. The agency rules also fail to appropriately safeguard students from the risk of re-identification. In response to the Department of Education's request for public comments, EPIC submitted extensive comments to the agency in May 2011, addressing the student privacy risks and the agency's lack of legal authority to make changes to FERPA without explicit Congressional intent. For more information, see EPIC: Student Privacy.

EPIC Joins Coalition Seeking Audit of TSA Racial Profiling

Over 30 organizations, including EPIC, have asked DHS Secretary Janet Napolitano to undertake an independent audit of the TSA to determine whether TSA airport screeners are engaged in racial profiling. According to news reports, TSA agents have subjected Mexican, Dominican, and Sikh travelers to additional screening based solely on race. In EPIC v. DHS, a federal court of appeals in July ordered the TSA to undertake a formal rulemaking, but the agency has yet to solicit comments from the public on its airport screening procedures. For more information, see EPIC: Air Travel Privacy and EPIC: Passenger Profiling.

Federal Trade Commission Releases 2011 Do Not Call List, Warns of Do Not Call Scams

The FTC has released the 2011 National Do Not Call Registry Data Book, which includes extensive information on the Do Not Call Registry as well as tips for consumers. Over 209 million telephone numbers are now listed on the Do Not Call Registry. In 2011, over 2 million consumers filed complaints over unwanted telemarketing calls. In announcing the Data Book, the FTC also warned consumers that scammers are calling consumers and claiming to sign them up for the National Do Not Call Registry. The FTC said that these calls were not coming from the Commission or the Registry, and that consumers should ignore them. For more information, see EPIC: Federal Trade Commission, or EPIC: Telemarketing and the Telephone Consumer Protection Act.

December 9, 2011

"Why We Should Care About Privacy in the Identification Domain"

Marc Rotenberg,
EPIC Executive Director

Privacy-Enhancing Cryptography
NIST Information Technology Lab
Gaithersburg, MD
December 9, 2011

December 6, 2011

EPIC to Congress: Video Act Amendments Would Weaken Online Privacy

In response to a request from Congressman Melvin Watt (D-NC), EPIC sent a letter explaining that HR 2471, a bill to amend the Video Privacy Protection Act, would reduce privacy for Internet users by weakening the consent provision in current law. The proposal, backed by Netflix, would make the personal information of Facebook users more widely available. EPIC’s letter points out that the bill does not “modernize” the video privacy law; it simply makes it more difficult for users to protect their data. The bill is being rushed through Congress without a public hearing or debate. For more information, see EPIC: Video Privacy Protection Act.

December 7, 2011

EU Justice Minister Warns US on "Self Regulation," Draft European Privacy Law Now Available

EU Justice Minister Viviane Reding warned this week at a speech in Brussels that a US plan for privacy self-regulation will "not be sufficient" to protect the flow of personal data between Europe and the United States. Reding also said that European companies were likely to rely on European cloud service providers as long as the US Patriot Act remained the law in the US. A draft of the European Union’s new General Data Protection Regulation is now available. The Regulation is a sweeping and comprehensive update of the 1995 EU Data Protection Directive that sets out new enforcement powers for privacy agencies. Meanwhile, a spokesperson for the White House again pledged that a long-delayed paper on privacy would soon be available. For more information, see EPIC: EU Data Protection Directive.

December 15, 2011

"How to Ensure Privacy in an Expanding Data World"

Ginger McCall,
EPIC Open Government Counsel

International Institute of Communications
Washington, DC
December 15, 2011

December 14, 2011

Forum on Children and Teen Online Privacy

Marc Rotenberg,
EPIC Executive Director

Bipartisan Privacy Caucus
2322 Rayburn House Office Building,
Washington, DC
December 14, 2011

Webcast

December 13, 2011

EPIC Launches Campaign Urging Public Comment on Facebook Privacy Settlement

EPIC launched the "Fix FB Privacy Fail" campaign to encourage the public to support improvements to a settlement between Facebook and the FTC. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. Although the proposed settlement is far-reaching, there are several ways in which it could be improved. EPIC has recommended that the FTC require Facebook to restore the privacy settings users had in 2009; give users access to all of the data that Facebook keeps about them; stop making facial recognition profiles without users' consent; make the results of the government privacy audits public; and stop secretly tracking users across the web. The period for public comment on the proposed settlement ends on December 30. The campaign also allows users to sign on to the petition without using Facebook. For more information, see EPIC: FTC Facebook Settlement.

December 15, 2011

Facebook Timeline Changes User Privacy Settings. Again.

Without user consent, Facebook announced today that it would post archived user information, making old posts available under Facebook's current downgraded privacy settings. Users have just a week to clean up their history before Timeline goes live. The surprising announcement follows a recent decision by the Federal Trade Commission which found that the company had engaged in "unfair and deceptive" trade practices when it changed the privacy settings of its users. EPIC initiated that complaint and is now urging FB users to submit comments to strengthen the proposed settlement. For more information, see EPIC - In Re Facebook and EPIC - Facebook and Privacy.

December 20, 2011

Senate Opens Investigation Into Google Search

Senators Herb Kohl (D-WI) and Mike Lee (R-UT), Chairman and Ranking Member of the Judiciary Antitrust Subcommittee, have sent a letter to FTC Chairman Jon Leibowitz, expressing concern about Google's business practices and the company's impact on competition in Internet search and commerce. In September, EPIC wrote to the FTC and described how Google biased YouTube search rankings to give preferential treatment to its own content following the acquisition of the Internet's largest video service provider. The EPIC letter preceded a Senate hearing on "The Power of Google: Serving Consumers or Threatening Competition?" EPIC testified before the Senate Antitrust Subcommittee in 2007 on Google's growing dominance of essential Internet services.

EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter

EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency's social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies. The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy.

December 21, 2011

US to Retain Biometric Database on Iraqis

According to Wired, although the war in Iraq is officially over, US Central Command will retain a massive database with retinal scans, thumb prints, religious affiliation, as well as other personal data on millions of Iraqis. In 2007, EPIC, Privacy International, and Human Rights Watch sent a letter to then Secretary of Defense Robert Gates to warn that the collection of biometric data in the region poses a direct risk to human rights and could result in genocidal violence. The Defense Science Board also warned that the database could "become a hit list if it gets in the wrong hands." For more information, see EPIC - "Iraqi Biometric Identification System."

December 22, 2011

US Lobbying Against New European Privacy Law

A document obtained by a European civil liberties organization indicates that the US Department of Commerce is actively opposing efforts by the European Union to update and strengthen its privacy law. The "Informal Note on Draft EU General Data Protection Regulation" argues that the proposed updates to the EU Data Protection Directive could adversely impact the "global interoperability of national and international privacy regimes." The US assessment follows a multi-year effort by the Europeans and others to establish a comprehensive framework for privacy protection, which the US has opposed, opting instead for "self-regulation." The European Digital Rights Initiative (EDRi) has prepared a brief analysis of the "most prominent exaggerations and misunderstandings in the US paper." For more information, see EPIC - "U.S. and European Consumer Groups Encourage Congress to Learn from EU Data Directive."

EPIC Warns DHS: Plan to Release Personal Data Held by Agency is Unlawful

EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to disclose internal agency records to former DHS employees, third party employers, and foreign and international agencies. DHS plans to disclose criminal conviction records, employee records, and foreclosures, about a broad category of individuals, including members of the public, individuals who file administrative complaints with DHS, and even individuals who are named parties in cases "in which DHS believes it will or may become involved." All of this information is protected under the federal Privacy Act, but the DHS proposes to invoke the "routine use" exemption to allow disclosure. EPIC said the plan would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." EPIC also noted that the agency has failed to allow sufficient time to meaningfully consider public comment on the plan. For more information, see EPIC: the Privacy Act of 1974.

EPIC Submits Comments on Children's Online Privacy Rule

EPIC submitted comments to the FTC on a proposed rule for the Children's Online Privacy Protection Act. The proposed rule would revise the definition of Personally Identifiable Information to include identifiers such as cookies, IP addresses, and geolocation information. The new rules also contain data minimization and deletion requirements and simplified methods of obtaining parental consent for data collection. "The proposed revisions update the COPPA Rule by taking better account of the increased use of mobile devices by users and of new data collection practices by businesses," EPIC said. However, EPIC urged the FTC to further improve the rule by applying it to SMS and MMS messaging services, extending the definition of "personal information" to cover the combination of date of birth, gender, and ZIP code, and adding a data-breach notification requirement. EPIC previously testified before the Senate and filed comments with the agency. For more information, see EPIC: Children's Online Privacy Protection Act and EPIC: Federal Trade Commission.

December 23, 2011

EPIC Urges Court to Order Disclosure of CyberSecurity Authority

EPIC filed papers urging a federal court to order the National Security Agency to disclose National Security Presidential Directive 54, a key document governing national cybersecurity policy. The directive grants the NSA broad authority over the security of American computer networks. But the agency has refused to make the document public in response to an EPIC Freedom of Information Act request. EPIC noted that "The NSA’s position amounts to a claim that the President may enact secret laws, direct federal agencies to implement those laws, and shield the content of those laws from public scrutiny." EPIC argued that the law "does not support such a sweeping result." For more, see EPIC v. NSA - Cybersecurity Authority.

EPIC Urges Court to End DHS Delay in Seeking Public Input on Airport Body Scanners

EPIC has asked a federal court to enforce a July 15, 2011 order requiring the Department of Homeland Security to take public comment on the agency's controversial airport body scanner program. As a result of an EPIC lawsuit, the DC Circuit Court of Appeals ruled that the agency violated federal law when it installed body scanners in airports for primary screening without first soliciting public input. In July, the Court ordered Homeland Security to "promptly" seek public comment, but the agency has failed to respond. EPIC, and a coalition of privacy and civil liberties organizations, first petitioned DHS to undertake a public rulemaking in 2009. This is EPIC's second motion to compel the agency to comply with the court's order. For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

December 28, 2011

Justice Department Challenges South Carolina's Voter ID Law

The Justice Department has blocked South Carolina's voter ID law, calling it a violation of the federal Voting Rights Act. The Department said the new photo ID requirements would disproportionately exclude eligible minority voters from federal elections. The South Carolina law prohibits voting by anyone who does not possess a state driver's license, US Passport, Military ID, or voter registration card. Many eligible voters who participated in the 2008 and 2010 elections may be prevented from voting in 2012. Earlier, EPIC filed an amicus brief in the Supreme Court, challenging an Indiana voter ID law. See EPIC: Voter Photo ID and Privacy and NCSL: State Voter ID Laws.

EPIC Submits Comments on FTC Facebook Privacy Settlement

EPIC submitted comments to the FTC on a proposed settlement with Facebook. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. However, EPIC said that the settlement is "insufficient to address the concerns originally identified by EPIC and the consumer coalition, as well as those findings established by the Commission." In order to address the issues raised by the complaints, respond to recent changes in Facebook's business practices like Timeline, and fulfill the FTC's duty to act in the public interest, EPIC recommended that the settlement be improved. Specifically, EPIC recommended that the FTC require Facebook to restore the privacy settings users had in 2009; give users access to all of the data that Facebook keeps about them; stop making facial recognition profiles without users' consent; make the results of the government privacy audits public; and stop secretly tracking users across the web. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement.

EPIC Urges FTC Investigation into Facebook Timeline

EPIC sent a letter requesting that the Federal Trade Commission determine whether changes Facebook has made to the profiles of its users are consistent with the terms of a settlement reached between Facebook and the FTC. EPIC's letter states that "with Timeline, Facebook has once again taken control over the user's data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user." The settlement requires Facebook to give users clear and prominent notice and obtain users' express consent before changing their privacy settings. EPIC sent a similar letter to the FTC about Timeline and the secret tracking of users in September 2011. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement.

About December 2011

This page contains all entries posted to epic.org in December 2011. They are listed from oldest to newest.
