« March 2013 | Main | May 2013 »

April 2013 Archives

April 1, 2013

Florida State University ACLU Lecture on Privacy and Government Surveillance

Amie Stepanovich,
Director, EPIC Domestic Surveillance Project

Florida State University College of Law
Tallahasee, FL
April 1, 2013

Posted by EPIC on April 1, 2013 6:00 PM | | TrackBacks (0)

April 2, 2013

Travel Surveillance, Traveler Intrusion

"Travel Surveillance, Traveler Intrusion"

Ginger McCall,
Director, EPIC Open Government Program

CATO Institute
Washington, D.C.
April 2, 2013

Posted by EPIC on April 2, 2013 11:22 AM | | TrackBacks (0)

April 14, 2013

"Data Collection, Data Mining, Data Brokers and Consumer Privacy"

Marc Rotenberg
EPIC Executive Director

"Privacy in the Digital Age"
National Association of Attorneys General
Annual conference
National Harbor, MD
April 14, 2013

Posted by EPIC on April 14, 2013 3:22 PM | | TrackBacks (0)

April 2, 2013

EU Takes Action Against Google for Privacy Policy Meltdown

Data protection agencies in six European countries have announced enforcement actions against Google. The agencies acted after Google ignored recommendations to comply with European data protection law. "It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the French data protection authority said. The enforcement action follows from Google's March 2012 decision to combine user data across 60 Internet services to create detailed profiles on Internet users. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's revised privacy policies also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

Tags:

Posted by EPIC on April 2, 2013 5:24 PM | | TrackBacks (0)

April 11, 2013

Spring 2013 Trustees Meeting: Building Trust in a Digital Age

Spring 2013 Trustees Meeting: Building Trust in a Digital Age

Khaliah Barnes,
EPIC Administrative Law Counsel

Marketing Science Institute
Boston, MA
April 11, 2013

Posted by EPIC on April 11, 2013 3:50 PM | | TrackBacks (0)

April 4, 2013

Federal Appeals Court Rules that Government Agencies Must Make an Actual "Determination" in Response to FOIA Requests

The D.C. Circuit Court reversed a lower court decision and sided with the Citizens for Responsibility and Ethics in Washington in a case concerning an agency's obligation to respond to a Freedom of Information Act request. CREW argued that the Federal Election Commission's response to its FOIA request did not meet the statutory obligations of a "determination" under the Act. The federal appeals court held that an agency must make and communicate its determination whether to comply with a FOIA request, and which exemptions if any it will claim with respect to any withheld documents, within 20 working days of receiving the request, or within 30 days in exceptional circumstances. EPIC joined five other prominent open government groups in a "friend of the court" brief in support of CREW. For more information, see EPIC: Open Government.

Tags:

Posted by EPIC on April 4, 2013 10:33 AM | | TrackBacks (0)

EPIC Comments on FTC's FOIA Procedures

EPIC has submitted comments to the Federal Trade Commission, supporting several of the agency's changes to its FOIA regulations. EPIC applauded the agency for reducing fees for requesters. EPIC also urged the Committee to: (1) update its definition for news media representative; (2) clarify which documents are public information and ensure that hyperlinks to those records work properly; (3) disclose private sector contract rates for FOIA processing; (4) refrain from prematurely closing FOIA requests; and (5) adopt alternative dispute resolution or arbitration when resolving delinquent FOIA fees. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters. Last year, EPIC submitted extensive comments to theDepartment of Defense, warning the agency not to erect new obstacles for FOIA requesters. For more information, see EPIC: Open Government.

Tags:

Posted by EPIC on April 4, 2013 1:57 PM | | TrackBacks (0)

EPIC Supports Public Mark Up for Controversial Cyber Security Bill

EPIC joined a letter signed by a coalition of privacy and civil liberty organizations to urge the House Permanent Select Committee on Intelligence to open the markup process of the Cyber Intelligence Sharing and Protection Act (CISPA) to the public. CISPA suspends privacy safeguards so that companies can disclose vast amounts of customer and client information to the government, including the National Security Agency, for "cybersecurity purposes." Some in Congress believe that the proposal should be adopted in a secret committee meeting. EPIC favors government transparency and is currently pursuing a lawsuit against the NSA stemming from a FOIA request for National Security Presidential Directive 54, which grants the NSA broad authority over computer networks in the United States. For more information, see EPIC: EPIC v. NSA - Cybersecurity Authority.

Tags:

Posted by EPIC on April 4, 2013 5:02 PM | | TrackBacks (0)

April 8, 2013

EPIC Sues FBI to Obtain Details of Massive Biometric ID Database

EPIC has filed a Freedom of Information Act lawsuit against the FBI to obtain documents about "Next Generation Identification", a massive database with biometric identifiers on millions of Americans. The EPIC lawsuit follows the FBI's failure to respond to EPIC's earlier FOIA requests for technical specifications and contracts. According to EPIC's complaint, "When completed, the NGI system will be the largest biometric database in the world." NGI aggregates fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other identifying information. The FBI will use facial recognition to match images in the database against facial images obtained from CCTV and elsewhere. For more information, see EPIC v. FBI - Next Generation Identification, EPIC: Biometric Identifiers and EPIC: Face Recognition.

Tags:

Posted by EPIC on April 8, 2013 6:07 PM | | TrackBacks (0)

April 12, 2013

EPIC Comments on Federal Cybersecurity Framework

In response to a request for comments, EPIC submitted comments on the National Institute of Standards and Technology’s review to develop a cybersecurity framework. Pursuant to Executive Order 13636, the agency is charged with defining a cybersecurity framework for the federal government. EPIC supports civilian control of cybersecurity and privacy protections based on the Fair Information Practices. In the comments to NIST, EPIC emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act. For more information, see EPIC: Cybersecurity Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).

Tags:

Posted by EPIC on April 12, 2013 9:39 AM | | TrackBacks (0)

April 15, 2013

Supreme Court Will Not Review E-mail Privacy Case

In an order today, the U.S. Supreme Court has declined to review a decision concerning e-mail privacy. In Jennings v. Broome, the South Carolina Supreme Court held that the federal Electronic Communications Privacy Act (ECPA) does not protect emails stored on remote computer servers. As a result of this case, users in South Carolina have lesser privacy protections than those in California where a federal court reached the opposite conclusion. EPIC, joined by 18 national organization filed an amicus brief, urging the US Supreme Court to clarify the scope of e-mail privacy protections. For more information, see EPIC: Jennings v. Broome and EPIC: Electronic Communications Privacy Act.

Tags:

Posted by EPIC on April 15, 2013 4:51 PM | | TrackBacks (0)

April 16, 2013

FCBA Young Lawyers Committee - Apps: The Legal and Business Landscape

FCBA Young Lawyers Committee - Apps: The Legal and Business Landscape

Alan Butler,
EPIC Appellate Advocacy Counsel

Hogan Lovells US
Washington, D.C.
April 16, 2013

Posted by EPIC on April 16, 2013 10:21 AM | | TrackBacks (0)

FTC Releases 2013 Report

The Federal Trade Commission has released its annual report for the period from April 2012-2013. The report begins with a description of the FTC’s accomplishments on consumer privacy, and lists the data-breach lawsuit against Wyndham, Google’s $22.5 million fine for tracking Safari users, settlements with the data brokers Equifax and Spokeo, and a survey of the credit reporting industry. EPIC has previously recommended that the FTC enforce its consent orders with Google and Facebook, require adoption of the Consumer Privacy Bill of Rights, and modify proposed settlements in response to public comment. For more information, see EPIC: Federal Trade Commission.

Tags:

Posted by EPIC on April 16, 2013 10:52 AM | | TrackBacks (0)

EPIC's Rotenberg Urges State Attorneys General to Safeguard Consumer Privacy

Speaking at the annual conference of the National Association of Attorneys General, EPIC President Marc Rotenberg said that the state AG's cannot sit on the sidelines as consumers face increasing risks of identity theft, security breaches, and secretive profiling. Rotenberg said the onus shouldn’t be on consumers to keep up with every-changing policy practices. “There is no reason that a customer should have to go back and check their privacy settings when a company changes its business practice." The Attorneys General recently fined Google $7 m for violating state consumer protection laws when the companies vehicles, loaded with Internet packet sniffers, intercepted private residential communications. EPIC has also launched a promotional video "Good to Really Know" with information for consumers about online privacy. For more information, see EPIC: Consumer Privacy Bill of Rights and EPIC: Consumer Privacy.

Tags:

Posted by EPIC on April 16, 2013 10:59 AM | | TrackBacks (0)

European Privacy Agencies Issue Report on Privacy and Big Data

Responding to growing interest in privacy and "big data," representatives of the data protection agencies in Europe have issued an opinion on the purpose limitation principles in the context of big data. The Article 29 Working Party recommends that personal data should be collected for "specified, explicit and legitimate purposes" and that personal data not be "further processed in a way incompatible with those purposes." The group also recommended that the proposed EU data protection regulation incorporate a list of factors to aid in determining compatible uses. Last fall, EPIC Executive Director Marc Rotenberg testified in support of the proposed reform before the European Parliament, and a group of transatlantic consumer organizations wrote a letter expressing their support. For more information, see EPIC: EU Data Protection Directive.

Tags:

Posted by EPIC on April 16, 2013 5:37 PM | | TrackBacks (0)

DHS Reveals More Information on Covert Social Media Monitoring Program

The Department of Homeland Security has issued a Privacy Impact Assessment, updating information on its controversial social media monitoring program. As part of the program, DHS scours social media sites, including Twitter, Facebook, and Youtube, for public posts that contain words such as "cops," "police," "airport," "hacktivist," and "zombie." DHS then disseminates social media information it has collected to "federal, state, local, and foreign government and private sector partners." Although the Privacy Impact Assessment states DHS should only collect "relevant" social media information, the document also states that "any information posted publicly can be used by [DHS] in providing situational awareness and establishing a common operating picture." Recently, EPIC obtained a court order and an opinion in a Freedom of Information Act lawsuit against DHS, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. For more information, see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring.

Tags:

Posted by EPIC on April 16, 2013 5:47 PM | | TrackBacks (0)

White House Threatens to Veto CISPA Unless Privacy Protections Improved

In a Statement of Administration Policy, the White House threaten to veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) unless more robust privacy and civil liberties protections are added and newly authorized information sharing goes through a civilian agency. EPIC joined a letter signed by a coalition of privacy and civil liberty organizations to urge the House Permanent Select Committee on Intelligence to open the markup process for CISPA. The markup for CISPA remained closed, and currently as drafted, CISPA would allow companies to disclose vast amounts of customer and client information to other companies and the government, including the National Security Agency, for "cybersecurity purposes." EPIC favors government transparency and is currently pursuing a lawsuit against the NSA stemming from a FOIA request for National Security Presidential Directive 54, which grants the NSA broad authority over computer networks in the United States. For more information, see EPIC: EPIC v. NSA - Cybersecurity Authority.

Tags:

Posted by EPIC on April 16, 2013 6:41 PM | | TrackBacks (0)

EPIC Appeals FOIA Decisions Concerning Body Scanner Information

EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program.

Tags:

Posted by EPIC on April 16, 2013 6:47 PM | | TrackBacks (0)

April 19, 2013

White House Releases Unclassified Summary of Presidential Cybersecurity Directive

The White House has released an unclassified summary of Presidential Policy Directive 20. The Policy Directive sets out the cybersecurity authority of the National Security Agency in the United States and has raised concerns about government surveillance of the Internet. The existence of the Directive was detailed in a story in the Washington Post in 2012, and EPIC immediately pursued the public release of the document. According to the White House, PPD-20 "established principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools." EPIC is still pursuing the release of the full document. For more information see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (NSPD 54).

Tags:

Posted by EPIC on April 19, 2013 3:59 PM | | TrackBacks (0)

April 23, 2013

Consumer Groups Oppose Delay for New Children’s Privacy Rules

A group of consumer, privacy, and children's advocates wrote to the Federal Trade Commission to oppose an industry effort to delay implementation of the new Children's Online Privacy Protection Act rule. The groups noted that two-and-a-half years have passed since the Commission proposed the updates to COPPA. They said there was no "compelling reason for giving the industry more time to comply with the law." The new Rule expands the definition of personal information to include geolocation information and persistent identifiers (or cookies), and prevents third-party advertisers from secretly collecting children's personal information without parental consent for advertising purposes. EPIC previously commented in support of the proposed rule and a revised version. The new safeguards follow a report by the FTC finding that many child-directed mobile apps conceal their data collection practices. For more information, see EPIC: FTC and EPIC: Children’s Online Privacy.

Tags:

Posted by EPIC on April 23, 2013 10:33 AM | | TrackBacks (0)

EPIC Files Amicus Brief, Urges Disclosure of Secret Legal Memos

EPIC, joined by seven open government organizations, has filed a "friend of the court" brief urging a federal appeals court to order the government to disclose the legal authority for drone strikes. The case, New York Times v. Department of Justice, asks whether the administration is required, under the Freedom of Information Act, to disclose legally binding opinions from the DOJ's Office of Legal Counsel. EPIC's brief argues that these opinions cannot be withheld under the FOIA. "By withholding these legal opinions, which direct the actions of the government and impact private parties, the Department is establishing secret law that is antithetical to democratic governance." For more information, see EPIC: New York Times v. DOJ and EPIC: Open Government.

Tags:

Posted by EPIC on April 23, 2013 11:38 AM | | TrackBacks (0)

Froomkin, Kaplan, "Spaf," and Wu Join EPIC Advisory Board

EPIC has announced the 2013 members of the EPIC Advisory Board. They are Michael Froomkin, Distinguished Professor of Law at the University of Miami School of Law; Sheila Kaplan, student privacy advocate and founder of Education New York; Eugene Spafford, a/k/a/ "Spaf," professor of Computer Science at Purdue University; and Tim Wu, professor at Columbia Law School and author of "The Master Switch." The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Joining the EPIC Board of Directors in 2013 are current Advisory Board members David Farber, Joi Ito, and Jeff Jonas. For more information, see EPIC: EPIC Advisory Board.

Tags:

Posted by EPIC on April 23, 2013 1:03 PM | | TrackBacks (0)

Polls Show Little Support for Expanding Government Surveillance

Polls conducted by Fox News and the Washington Post following the bombing in Boston last week show little support for changes in the scope of government surveillance. According to Fox News, when asked "Would you be willing to give up some of your personal freedom in order to reduce the threat of terrorism?" for the first time since before 9/11, more said they would not (45%) as compared with those who said they would (43%). A Washington Post poll indicated that the public was more concerned (48%) that the government would go too far to investigate terrorism than that it would not go far enough (41%). A Rassmusen Poll conducted of likely voters found that more than half of the respondents — 54 percent — said economic threats were a greater danger to the country than terrorism. According to 538, that is "almost unchanged from a Rasmussen survey conducted in late January, more than two months before the bombs were detonated in Boston near the marathon finish line." For more information, see EPIC, Public Opinion on Privacy.

Tags:

Posted by EPIC on April 23, 2013 4:43 PM | | TrackBacks (0)

EPIC to FAA: Establish Privacy Standards for Drone Use

EPIC has submitted comments to the Federal Aviation Administration, urging the agency to mandate minimum privacy standards for drone operators. In 2012, Congress told the Agency to implement a comprehensive plan to integrate drones into the National Airspace. Shortly after, EPIC, joined by over 100 other organizations, experts, and members of the public, petitioned the agency to address privacy in the integration process. EPIC's petition noted, "drones greatly increase the capacity for domestic surveillance." In February 2013, the Agency responded to EPIC's petition, announcing it would "address [privacy issues] through engagement and collaboration with the public." As a result, the FAA published a Notice with proposed privacy requirements for drone operators. EPIC recommended that the FAA mandate the proposed privacy standards, which are based on Fair Information Practices, and maintain a public database of all drone operators. For more information, see EPIC: Domestic Unmanned Aerial Vehicles and Drones.

Tags:

Posted by EPIC on April 23, 2013 4:51 PM | | TrackBacks (0)

Public Opposes TSA Nude Body Scanners

Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit.

Tags:

Posted by EPIC on April 23, 2013 12:34 PM | | TrackBacks (0)

April 24, 2013

EPIC FOIA Request Reveals Details About Government Cybersecurity Program

New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority.

Tags:

Posted by EPIC on April 24, 2013 11:36 AM | | TrackBacks (0)

DHS Releases Revised Privacy Impact Assessment on Internet Monitoring Program

The Department of Homeland Security has released a Privacy Impact Assessment for Einstein 3 - Accelerated. Einstein 3 is a government cybersecurity program that monitors Internet traffic. The monitoring includes scanning email destined for .gov networks for malicious attachments and URLs. According to DHS, the basis of the government’s authority to perform the monitoring is National Security Presidential Directive 54. EPIC is pursuing FOIA litigation to force the government to release the Directive to the public. For more information, see EPIC v. NSA - Cybersecurity Authority.

Tags:

Posted by EPIC on April 24, 2013 11:43 AM | | TrackBacks (0)

April 10, 2013

EPIC Obtains News Information on TSA Body Scanner Program

The Transportation Security Administration was forced to disclose additional information regarding the Agency's controversial body scanner program after EPIC prevailed in a lawsuit against the Agency. In March 2013, Judge Royce Lamberth held that the Agency had unlawfully redacted certain information from records released to EPIC under the Freedom of Information Act containing details on software modifications made to the scanners. In response to a separate lawsuit filed against the Department of Homeland Security regarding the Agency's authority to deploy the devices, the TSA has initiated a process to allow the public to comment on the program. EPIC is recommending that the TSA adopt more effective screening procedures. For more information, see and EPIC v. DHS (Suspension of Body Scanner Program).

Tags:

Posted by EPIC on April 10, 2013 5:29 PM | | TrackBacks (0)

April 26, 2013

Senate Committee Clears Update to Email Privacy Law

The Senate Judiciary Committee has approved a bill that would update the Electronic Communications Privacy Act, a 1986 law that provides privacy protections for email and digital communications. The update, sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator Mike Lee (R-UT), would extend protections to communications that are stored in the cloud. Earlier this year, the Supreme Court declined to review a decision by the South Carolina Supreme Court which held that ECPA does, protect emails stored on remote computer servers. EPIC, joined by 18 national organizations filed an amicus brief, urging the Supreme Court to clarify the scope of e-mail privacy protections. In March, EPIC sent a letter to the House Judiciary Committee, recommending a comprehensive review of the law. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Jennings v. Broome.

Tags:

Posted by EPIC on April 26, 2013 9:27 AM | | TrackBacks (0)

House Subcommittee Considers Geolocation Privacy

The House Subcommittee on Crime, Terrorism, Homeland Security, and Investigations today heard testimony today on proposed Geolocation Privacy safeguards for the collection and use of location data generated by cellphones and other devices. As EPIC recently noted in a letter to the House Judiciary committee, and testimony before the Maryland House of Delegates and Texas House of Representatives on similar bills, ECPA does not protect location records; courts are divided on whether such records are protected by the Fourth Amendment. For more information, see EPIC: Locational Privacy.

Tags:

Posted by EPIC on April 26, 2013 11:05 AM | | TrackBacks (0)

EPIC Pursues Public Release of Facebook and MySpace Privacy Reports

EPIC has submitted Freedom of Information Act requests for the release of the privacy assessments of Facebook and MySpace submitted to the Federal Trade Commission. As a result of privacy violations, both companies are required to implement comprehensive privacy programs and submit to independent, biennial evaluations for 20 years. Previously, EPIC obtained a copy of Google's initial privacy assessment that redacted information about the standards by which the assessment was completed, the test procedures used to assess the effectiveness of Google's privacy controls, the procedures Google uses to identify privacy risks, and the types of personal data Google collects from users. The FTC settlements with Facebook and Google arose from complaints brought by EPIC and other consumer organizations. In comments to the agency on the proposed settlements, EPIC recommended that the privacy assessments be publicly available. For more information, see EPIC: Federal Trade Commission and EPIC: Open Government.

Tags:

Posted by EPIC on April 26, 2013 5:53 PM | | TrackBacks (0)

April 29, 2013

Supreme Court Upholds Residents-Only Provision in Virginia Open Records Law

The Supreme Court ruled today that Virginia's freedom of information law, which allows only Virginia residents to pursue open government requests, does not violate the U.S. Constitution. Petitioners argued that the law impermissibly burdened out-of-state residents ability to provide open records services to clients, to purchase and transfer Virginia property, to access Virginia court proceedings, and to access important public information. But the Court found in McBurney v. Young that the majority of state records were available to non-residents in some form and that there was no fundamental "right to access public information" at the time the Constitution was adopted. EPIC and other open government groups filed a amicus brief arguing that residents-only provisions limit public access to information necessary for political advocacy. In 2008, EPIC obtained documents from Virginia revealing an agreement to limit oversight of a state fusion center. For more information, see EPIC: McBurney v. Young and EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill.

Tags:

Posted by EPIC on April 29, 2013 5:16 PM | | TrackBacks (0)

Search


About April 2013

This page contains all entries posted to epic.org in April 2013. They are listed from oldest to newest.

March 2013 is the previous archive.

May 2013 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3