March 2012 Archives

March 1, 2012

European Justice Minister Says Google Now in Violation of EU Law

European Justice Minister Viviane Reding said today that Google's March 1 changes to its terms of service violate European Union law "in numerous respects." Commissioner Reding pointed to the failure of the company to obtain user consent, the lack of transparency, and the fact that most users do not read privacy policies. European privacy officials recently concluded that the changes do not comply with the European Union Data Protection Directive and asked the company to suspend its planned changes. In the US, EPIC has urged a federal court to require the Federal Trade Commission to determine whether Google's changes violate a 2011 Consent Order. The court denied the motion. The case is now on appeal. For more information, see EPIC v. FTC (Google Consent Order).

EPIC Urges DHS to Abide by Privacy Laws When Conducting Technology Research

Earlier this week, EPIC submitted comments to the DHS on "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research." DHS sought public views on the privacy implications of ethical human subject research in information and communication technology research. EPIC said that many federal privacy laws, such as the Privacy Act of 1974, set out legal standards for how government agencies should protect personal data. EPIC strongly urged DHS to abide by federal privacy laws rather than adopt non-binding principles, which are not enforceable and provide few rights for individuals. For more information, see EPIC: Privacy and The Common Rule.

March 2, 2012

Twitter to Sell Two Years' Worth of Old Tweets

Twitter recently announced a deal with the analytics firm DataSift that authorizes DataSift to sell the content of public tweets posted over the last two years. Companies that buy the data from DataSift will be able to market to users based on the topic or location of the tweets. DataSift will be required to regularly remove tweets that users delete. Previously, Twitter gave the Library of Congress access to every public tweet since the company’s inception in 2006. In 2011, the Federal Trade Commission reached a settlement with Twitter over charges that inadequate security measures allowed computer criminals to gain administrative access to the company. For more information, see EPIC: Federal Trade Commission.

March 5, 2012

DHS Privacy Office Releases 2011 Data Mining Report

The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency's current activities that fall within the legislative definition of "data mining." Among other things, this year's report references the Agency's programs to profile individuals entering or leaving the country to determine who should be subject to "additional screening." A FOIA request by EPIC in 2011 revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office.

March 6, 2012

Court Blocks Wisconsin Voter ID Law

A Wisconsin state court has granted a temporary order blocking the state from enforcing a new voter ID requirement. Wisconsin is one of eight states that now require voters to present a government-issued photo ID. Voter ID laws typically discourage voter turnout, particularly among poor and minority communities. In NAACP v. Walker, the Wisconsin court said that the "scope of impairment has been shown to be serious, extremely broad and largely needless." For more information, see EPIC: Voter Photo ID and Privacy.

March 11, 2012

Big Data: Privacy Threat or Business Model?

Lillie Coney,
EPIC Associate Director

SXSW
Austin, TX
March 11, 2012

March 9, 2012

Video, Blog Post Raise New Questions About Airport Body Scanners

A popular video "How To Get Anything Through TSA Nude Body Scanners" shows that it is easy to bypass airport body scanners by hiding materials perpendicular to the plane of the scanning devices. The video also notes that traditional metal detectors, now being removed from US airports, would routinely alert to the presence of metallic objects. Still more interesting may be the recent blog post by a 25-year FBI agent, expert in aviation security, who writes that the "TSA has never foiled a terrorist plot or stopped an attack on an airliner" and that "the entire TSA paradigm is flawed." In a federal lawsuit, EPIC challenged the TSA airport scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners).

Pew Study: Search Engine Users Anxious About Collection of Personal Information

A Pew study found that users of search engines were pleased with the quality of search results but opposed targeted advertising and search results, and were generally anxious about the collection of personal information by search engines. Specifically, 73 percent of those surveyed were opposed to search engines tracking their searches, and 68 percent opposed behavioral advertising. 83 percent of respondents reported using Google to conduct searches. Recently, Google began combining user data gathered from more than sixty Google products and services, including Google search, to create a single, comprehensive profile for each user. For more information, see EPIC: Search Engine Privacy and EPIC: EPIC v. FTC.

March 12, 2012

EPIC Publishes 2012 FOIA Gallery

In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2012. The gallery highlights key documents obtained by EPIC in the past year, including the Federal Bureau of Investigation's watch list guidelines, records of the Department of Homeland Security's social media monitoring program, Google's first Privacy Compliance Report, records detailing the government's FAST scanning program, records of the FBI's surveillance of Wikileaks supporters, and DHS records detailing the use of body scanners at the U.S. border. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.

Justice Department Strikes Down Texas Voter ID Law

The Department of Justice has determined that a Texas voter ID law that requires photo identification violates the Voting Rights Act of 1965. The Texas law requires voters to present a driver's license or ID card issued by the state. The law also permits a voter to use military photo ID, a US citizenship certificate that contains the person's photograph, a US passport, or a license to carry a concealed handgun. The Department of Justice found that the Texas voter ID law disproportionately affects Hispanic voters because Hispanic voters are between 47% and 120% more likely than non-Hispanic registered voters to lack acceptable photo identification. The Department of Justice found that Texas "has not met its burden of proving that . . . the proposed [voter ID law] will not have a retrogressive effect, or that any specific features of the proposed law will prevent or mitigate that retrogression." In the voting context, "retrogression" refers to the disenfranchisement of eligible voters. For more information, see EPIC: Voter Photo ID and Privacy.

EPIC Urges Senate to Safeguard FOIA for Cybersecurity

In a detailed statement to the Senate for a hearing on the "Freedom of Information Act: Safeguarding Critical Infrastructure and the Public's Right to Know," EPIC said that safeguarding FOIA was critical to ensure government oversight and accountability. EPIC described how the FOIA provides the public important information about safety and security, but also warned that the National Security Agency has become a "black hole" for public information about cyber security. EPIC described several NSA programs, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority, which the agency has refused to release to the public. EPIC v. NSA, a challenge to the agency's "neither confirm nor deny" response to an EPIC FOIA request, will be heard next week by the DC Circuit Court of Appeals. For more information, see EPIC: Cybersecurity.

March 16, 2012

"Freedom of Information Day; Is Exemption 3 Out of Control?"

Ginger McCall,
EPIC Open Government Director

American University Washington College of Law
Washington, DC
March 16, 2012

March 15, 2012

Navigating a Framework for Consumer Policy in a Digital Age

Lillie Coney,
EPIC Associate Director

Joint Center for Political and Economic Studies
Washington DC
March 15, 2012

March 14, 2012

Federal Agency Settles Health Privacy Case with Blue Cross for $1.5 Million

The Department of Health and Human Services announced a settlement with Blue Cross Blue Shield after the company’s inadequate security measures allowed 57 unencrypted hard drives containing private health information to be stolen from a facility in Tennessee. The agency cannot issue a fine greater than $1.5 million, but it could have filed criminal charges or required Blue Cross to mitigate future patient harms. For more information, see EPIC: Medical Privacy.

Open Government Groups Oppose Cyber Security FOIA Exemption

Open government organizations have sent a letter to Senator John McCain, opposing specific provisions in a cybersecurity bill he introduced. The SECURE IT Act would create new Freedom of Information Act exemptions for "cyber threat information" as well as for all information shared with a cybersecurity center. FOIA exemptions limit public access to government information. The organizations stated, "Unnecessarily wide-ranging exemptions of this type have the potential to harm public safety and the national defense more than they enhance those interests." In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions and said that the National Security Agency has become a "black hole" for public information about cybersecurity. For more information, see EPIC: Cybersecurity.

March 19, 2012

"Privacy and Protection of Personal Data"

Marc Rotenberg,
EPIC Executive Director

US Institute of Peace
Washington, DC / Brussels
March 19, 2012

March 20, 2012

EPIC v. NSA. No. 11-5233

EPIC's challenge to the "neither confirm nor deny" response of NSA regarding a FOIA request for information about the agency's relationship with Google.

DC Circuit Court of Appeals
Washington, DC
March 20, 2012

March 21, 2012

"Data Protection and Privacy: EU & U.S. Frameworks and Initiatives"

Marc Rotenberg,
EPIC Executive Director

European Institute
Washington, DC
March 21, 2012

March 15, 2012

House and Senate Call for Investigation on Airport Body Scanner Radiation Risks

Both the House and the Senate introduced bills last month that would require the Department of Homeland Security "to contract with an independent laboratory to study the health effects of backscatter x-ray machines used at airline checkpoints operated by the Transportation Security Administration," and to provide improved notice of the health effects to airline passengers. The bills focus on the health effects of those screened by the backscatter x-ray machines, including frequent air travelers, flight crews, and individuals with greater sensitivity to radiation, such as children, pregnant women, the elderly, and cancer patients. In 2010, EPIC filed a Freedom of Information Act lawsuit asking a court to force the Department of Homeland Security to disclose documents about radiation testing results and agency fact sheets on radiation risks. For more information, see EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks.

March 19, 2012

EPIC Urges Court to Uphold Location Privacy in Cell Phone Tracking Case

EPIC filed a "Friend of the Court" brief in the Fifth Circuit urging the court to uphold Fourth Amendment protections for cell phone users. In the case, In re US for Historical Cell-Site Data, the lower court held that the disclosure of historical cell phone location records without a warrant would violate the Fourth Amendment. EPIC argued that this opinion should be upheld in light of the Supreme Court's recent decision in United States v. Jones, because cell phone location records are collected without the knowledge or consent of users. The records in this case, EPIC argued, create a "comprehensive map of an individual’s movements, activities, and relationships, . . . precisely the type of information that individuals reasonably and justifiably believe will remain private." For more information, see In re Historical Cell-Site Location Information, EPIC: State v. Earls, and EPIC: US v. Jones.

EU and US Privacy Officials Convene

Policymakers from the United States and the European Union are participating in a joint conference today on Privacy and Protection of Personal Data. EU Vice President Viviane Reding and US Commerce Secretary John Bryson issued a common statement reaffirming a commitment to privacy protection. US and EU consumer and privacy organizations also issued a statement commending the new US Consumer Privacy Bill of Rights but cautioning that the US has far more to do to safeguard the interests of users of new Internet-based services. For more information, see Public Voice - The Madrid Declaration.

EPIC to Argue for Disclosure of Google-NSA Agreement before Federal Appeals Court

EPIC will pursue its Freedom of Information Act request with the National Security Agency in scheduled arguments before the Court of Appeals for the DC Circuit this Tuesday morning. EPIC submitted the FOIA request in February 2010, following a widely reported collaboration between Google and the NSA after the China hack. The agency replied that it could "neither confirm nor deny" the existence of records responsive to EPIC's request. A lower court ruled in favor of the NSA, but EPIC has challenged that opinion, and the federal appeals court will hear the case on March 20, 2012. The case is EPIC v. NSA, No. 11-5233.

March 20, 2012

House of Representatives Issues FOIA Request Management Report Card

The U.S. House of Representatives Committee on Oversight and Government Reform issued a "Report Card on Federal Government's Efforts to Track and Manage FOIA Requests." The Report Card assigned letter grades to agencies based upon their "ability and willingness . . . to submit information" to the House Committee about the agencies’ FOIA tracking systems. This information included the requester's name, the date of the request, a description of the records sought by requesters, the date the request was closed, and whether the agency provided responsive records to the request. The Federal Trade Commission was one of the highest scoring agencies, earning an "A+" for its FOIA management. The Department of Justice, the Department of Defense, and the Department of Homeland Security each received a "D" letter grade for their FOIA tracking systems. For more information, see: EPIC: Open Government.

March 28, 2012

NYPD: The Community Under a Microscope

Ginger McCall,
Director, EPIC's Open Government Project

American-Arab Anti-Discrimination Committee
Washington, DC
March 28, 2012

March 23, 2012

Facebook Policy Changes Raise Questions About Compliance with 2011 Consent Order

Facebook has begun to review comments on changes to its Statement of Rights and Responsibilities. Among other changes, Facebook now states that a user's information is disclosed to apps used by his or her friends, that Facebook software or plugins that users download may automatically download updates, upgrades, and additional features, and that users may not tag others who do not wish to be tagged. The FTC recently issued a proposed settlement with Facebook after finding that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." In particular, the FTC found that Facebook had misled users about the extent to which their personal information would be made available to apps used by their friends. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 and bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC said that the settlement is "insufficient to address the concerns originally identified by EPIC and the consumer coalition, as well as those findings established by the Commission." For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement.

Department of Homeland Security Releases Revised Privacy Impact Assessments

The Privacy Office of DHS has released several revised Privacy Impact Assessments for various DHS programs. These reports analyze the privacy risks of federal government systems. Last year, EPIC FOIA requests regarding a Minority Report-like program called "FAST" found that the DHS had failed to adequately assess privacy risks. According to the agency, the "Future Attribute Screening Technology" program assesses "physiological and behavioral signals" to determine the probability that an individual might commit a crime. For more information, see: EPIC: Future Attribute Screening Technology (FAST) Project FOIA Request.

Director of National Intelligence Gains New Powers, Expands Datamining of US Citizens

Under revised guidelines for the National Counterterrorism Center, intelligence agency officials will be able to profile and track American citizens, suspected of no crime, for up to five years. The change represents a dramatic expansion of government surveillance and appears to violate the Privacy Act of 1974, which limits data exchanges across federal agencies and establishes legal rights for US citizens. In 2003, Congress put an end to a similar program. For more information, see EPIC - Total Information Awareness.

March 26, 2012

Senators Call for Investigation into Employer Demands for Facebook Passwords

Senators Blumenthal and Schumer asked the Equal Employment Opportunity Commission and the Department of Justice to investigate the practice of employers asking job applicants to surrender Facebook user names and passwords. The Senators pointed out that accessing an applicant's profile could reveal sensitive information that employers are not permitted to ask about or base hiring decisions on. Thus, employers could be violating the Civil Rights Act and other federal laws, including the Stored Communications Act and the Computer Fraud and Abuse Act, which prohibit "unauthorized access" to electronic information. "Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both [Acts]," the letter states. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy.

Federal Trade Commission Calls for Privacy Legislation

Today the Federal Trade Commission released Protecting Consumer Privacy in an Era of Rapid Change. The FTC report called for the enactment of baseline privacy legislation and for legislation that gives consumers the right to access personal information held by data brokers. However, the framework is not as extensive as the White House Consumer Privacy Bill of Rights and depends on industry self-regulation. EPIC previously commented on an earlier draft of the framework, pointing out that the FTC "mistakenly endorses self-regulation and 'notice and choice,' and fails to explain why it has not used its current Section 5 authority to better safeguard the interests of consumers." For more information, see EPIC: Federal Trade Commission.

DHS Privacy Office Issues Quarterly Report to Congress

The DHS Privacy Office has issued its First Quarter Fiscal Year 2012 Report to Congress. The report details DHS programs and functions that affect privacy, such as privacy impact assessments and system of records notices. The report also summarizes the 295 privacy compliance complaints that DHS received between September 1, 2011 and November 30, 2011. EPIC has closely followed DHS Privacy Office activities, and has worked to ensure timely release of DHS privacy reports. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.

March 27, 2012

EPIC to Congress: Privacy Act Modernization Bill Should be Stronger

In response to a request from Senator Daniel Akaka (D-HI), EPIC sent a letter explaining that S.1732, the Privacy Act Modernization for the Information Age Act of 2011, should be strengthened to ensure better privacy protection. The Privacy Act of 1974 governs federal agencies' collection, retention, and use of personally identifiable information. In October 2011, Senator Akaka proposed the Privacy Act Modernization bill, which would update the Privacy Act of 1974. EPIC's letter points out that the proposed circumstances under which agencies can disclose personal information should be narrowly tailored. EPIC also noted that certain proposed amendments in the bill insufficiently warn individuals of government security breaches affecting individuals' personal information. For more information, see EPIC: The Privacy Act of 1974.

FTC Announces Settlement with RockYou Over Security Flaws, COPPA Violations

The Federal Trade Commission announced a settlement with the social game site RockYou over charges that the site's poor security allowed hackers to access the personal information of 32 million users. The FTC also alleged that RockYou violated the Children's Online Privacy Protection Act Rule by knowingly collecting approximately 179,000 children's email addresses and associated passwords without the consent of their parents. The settlement prohibits future deceptive claims by the company regarding privacy and data security and future violations of the COPPA Rule, and requires the company to implement a data security program and to pay a $250,000 civil penalty. Last year, the FTC proposed new COPPA rules to better protect children, about which EPIC submitted comments. For more information, see EPIC: Children’s Online Privacy and EPIC: FTC.

March 28, 2012

Supreme Court Limits Privacy Act Remedies

In a 5-3 opinion, the Supreme Court held today that the Privacy Act does not allow recovery of mental and emotional damages suffered as a result of the Government's "willful and intentional violation" of the Act. Justice Alito, writing for the Court in FAA v. Cooper, said that the key term "actual damages" was ambiguous, and should be narrowly construed to limit Government liability. In a dissenting opinion, joined by two other Justices, Justice Sotomayor argued that the purpose of the Privacy Act is unambiguous: to protect individuals from "substantial harm, embarrassment, inconvenience, or unfairness" that result from Government privacy violations. EPIC filed an amicus curiae brief in the case, stating that privacy laws routinely provide recovery for mental and emotional harm, that such damages are the most common result of privacy violations, and that civil remedies are necessary to ensure enforcement of the Privacy Act. Congress is currently considering amendments to the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC to Congress: Privacy Act Modernization Bill Should be Stronger.

About March 2012

This page contains all entries posted to epic.org in March 2012. They are listed from oldest to newest.
