« June 2015 | Main | August 2015 »

July 2015 Archives

July 1, 2015

EPIC Pursues Documents about Secret Government Profiling Program

EPIC has filed papers in federal court challenging the government's claim that it can withhold information about automated profiling. In EPIC v. CBP, a Freedom of Information Act case, EPIC seeks documents about the "Analytical Framework for Intelligence" which incorporates personal information from government agencies, commercial data brokers, and the Internet. The agency then uses secret, analytic tools to assign "risk assessments" to travelers, including U.S. citizens traveling solely within the United States. EPIC has called for "algorithmic transparency" in automated decisions concerning individuals.

Surveillance Court Ignores Court Ruling, Reauthorizes NSA Bulk Collection Program

The Foreign Intelligence Surveillance Court has reauthorized the collection of domestic telephone records for 180 days. The Surveillance Court ignored the recent decision of the Federal Court of Appeals, which held that the NSA bulk collection program is unlawful. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program. Congress then passed the Freedom Act to end program, but the FISC didn't get the memo.

July 2, 2015

Slight Decrease in Wiretaps in 2014, Encryption Not a Barrier to Investigations

In 2014, combined state and federal wiretap applications decreased 1%, from 3,577 to 3,555. Investigators encountered encryption in only 25 cases, and were able to obtain plain text in all but four cases. This fact contradicts claims that law enforcement agencies are "going dark" as a result of new encryption technologies. Of the 3,544 arrests based on wiretaps in 2014, only 553 resulted in convictions. The annual Wiretap Report, details government surveillance and provides insight into the debate over surveillance and the use of encryption. EPIC has repeatedly cited the annual Wiretap Report as a model for greater transparency of other surveillance activities . EPIC also maintains comprehensive tables and charts on electronic surveillance.

States Adopt Privacy Laws for Student Data, Breach Notification, License Plate Readers, and Drones

Several states have recently enacted new privacy laws. New Hampshire and Oregon passed student privacy legislation modeled after California's Student Online Personal Information Protection Act. Rhode Island and Connecticut enacted new consumer privacy and data breach notification laws. A new Minnesota law limits the data police may capture using automated license plate readers and requires the deletion of all data not relevant to an investigation. And the Freedom from Unwanted Surveillance Act, a law in Florida regulating the commercial use of drones, went into force this week. EPIC's State Policy Project is monitoring privacy bills nationwide.

July 3, 2015

UN Appoints Special Rapporteur on Right to Privacy

The President of the UN Human Rights Council has selected Mr. Joseph Cannataci to serve as the first UN Special Rapporteur on the Right to Privacy. Cannataci is chair of European Information Policy and Technology Law at the University of Groningen in The Netherlands. He has served as an expert for panels on privacy, data protection, the Internet and cyber crime for the Council of Europe, the European Commission, and UNESCO. EPIC President Marc Rotenberg, a candidate for the post, expressed support for the selection. “The Human Rights Council has made a good decision. Mr. Cannataci is well qualified for this position. We look forward to working with him on this critical mandate.”

July 7, 2015

Justice Department Issues Guidance on "Administrative Closures" for FOIA Requests

The Department of Justice has told federal agencies to continue processing FOIA requests after EPIC and many FOIA groups objected to the practice of "administrate closures." The Department advised agencies to limit administrative closures of FOIA requests and to provide "reasonable grounds" for ending processing. The Department also said agencies should provide requesters at least 30 days to respond to a proposal to end processing of a FOIA request. In 2014 EPIC and a dozen open government organizations stated that "no provision in the [FOIA] allows for administrative closures . . ."

Leading Security Experts Oppose Government Encryption Plan

Several members of the EPIC Advisory Board, leading experts in security technology, have warned that a government plan to weaken encryption threatens the nation's critical infrastructure and puts at risk confidential personal information. Recalling a similar report from 1997, the researchers concluded that "the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. Recent reports from the US courts, available from EPIC, show that encryption has not been an obstacle to law enforcement investigations. A 1994 Internet petition led to the demise of "Clipper," the original government plan for escrowed encryption.

July 8, 2015

Congress to Hold Hearing on Encryption and Privacy

Today the Senate is holding a hearing on "Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy." FBI Director Comey, testifying today, has advocated for broken encryption to enable law enforcement access to private communications. Despite claims of "going dark" because of new encryption technologies, law enforcement encountered encryption in only 25 wiretap cases in 2014. Of those cases, non-encrypted text was obtained in all but four cases. EPIC has advocated for strong encryption and urged President Obama to reject proposals to weaken encryption. EPIC published the first comprehensive survey of encryption use around the world. And earlier this year, EPIC gave a Champion of Freedom Award to Apple CEO Tim Cook, who warned that "Criminals are using every technology tool at their disposal to hack into people's accounts. If they know there's a key hidden somewhere, they won't stop until they find it."

July 9, 2015

EPIC Urges Investigation of "Always On" Consumer Devices

EPIC has asked the Federal Trade Commission and the Department of Justice to conduct a workshop on 'Always-On' Consumer Devices. EPIC described the increasing presence of internet-connected devices in consumer's homes, such as TVs, toys, and thermostats, that routinely record and store private communications. EPIC urged the agencies to conduct a comprehensive investigation to determine whether "always on" devices violate the Wiretap Act, state privacy laws, or the FTC Act. Earlier this year, EPIC filed a formal complaint with the FTC concerning Samsung TV, arguing that the recording of private communications in the home is an unfair and deceptive trade practice.

July 15, 2015

Leaked Google Data: 95% of "Right to Be Forgotten" Requests Come From Private Individuals Concerning Private Information

Nearly all of the "right to be forgotten" requests made to Google up to March 2015 came from everyday members of the public seeking to remove links to private information. The new data, accidentally embedded in the source code of Google's transparency report, show that just five percent of the nearly 220,000 delinking requests concerned criminals, politicians, or public officials. This revelation undercuts claims by Google and some media companies to sensationalize the right articulated by the Court of Justice of the EU last year. EPIC has defended the right to delink and argued that the right should be recognized in the United States.

July 17, 2015

Report Outlines Security Challenges for Online Voting

A new report from the U.S. Vote Foundation concludes that no internet voting systems provide adequate security for public elections. The report recommends "end-to-end verifiable voting," which allows voters to confirm that their votes were recorded. The system would also verify that votes are correctly tabulated. EPIC has obtained FOIA documents from the Department of Defense regarding the functionality and reliability of an e-voting.

July 21, 2015

Senators Markey and Blumenthal Introduce Bill to Protect Drivers from Remote Hacking

Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the "Security and Privacy in Your Car Act of 2015." The SPY Car Act would establish cybersecurity and privacy requirements for new passenger vehicles, and inform consumers about the risks of remote hacking. The SPY Car Act follows a report from Senator Markey, which "detailed major gaps in how auto companies are securing connected features in cars against hackers." The bill would also prohibit manufacturers from using consumer driver data for marketing purposes without consumer consent. EPIC has urged the Transportation Department to protect driver privacy. EPIC has written extensively on interconnected devices, including cars, known as the "Internet of Things" and has also said that "cars should not spy on drivers."

July 22, 2015

FTC Sues LifeLock For Violating Consent Agreement

The Federal Trade Commission has filed suit in federal district court against the identity theft-protection company LifeLock for violating a 2010 consent order. The FTC previously charged LifeLock with using false claims to promote its services and prohibited the company from making false claims in the future. Now, the Commission has charged LifeLock with failing to safeguard consumer data and continuing to falsely advertise to consumers, in violation of the 2010 order. EPIC has repeatedly urged the FTC to enforce consent orders and to make its review process transparent to the public. In 2012 EPIC sued the agency for its failure to enforce a consent order against Google after the company changed its privacy practices.

July 23, 2015

Justice Department Releases 2015 FOIA Reports

The DOJ has released its assessment of federal agencies' 2015 FOIA compliance reports. Every year, agencies submit reports to the Justice Department describing their progress in implementing President Obama's Memo and former AG Eric Holder's Guidelines to promote FOIA compliance. The DOJ grades progress in five areas: applying the presumption of openness, effective and responsive systems, proactively releasing information, utilizing technology, and reducing backlogs and improving response times. EPIC and other open government organizations have called on President Obama to strengthen the FOIA.

July 27, 2015

Open Government Groups Oppose Proposed FOIA Exemptions

Over the weekend, several open government groups urged Sen. Mitch McConnell (R) and Sen. Harry Reid (D) to remove proposed FOIA "b(3)" exemptions from a pending transportation bill. The exemptions would exclude public access to information about safety audits, trucking company safety scores, accident footage, and records related to hazardous train service. The groups oppose the exemptions and also explained that such proposals should be reviewed by the Senate Judiciary Committee which is responsible for FOIA oversight. EPIC previously set out recommendations for FOIA reform.

Top EU Officials Calls Privacy Reform "Europe's Big Opportunity"

Giovanni Buttarelli, the European Data Protection Supervisor, has announced "Recommendations on the EU's Options for Data Protection Reform." The Opinion sets out an assessment and recommendation for the new European Union privacy law. EU and US NGOs, including EPIC, have urged the adoption of strong safeguards. In response, the President of the European Commission stated recently that "proposed data protection rules will not drop below the level" of current law.

Intelligence Director Says NSA Access to Bulk Phone Record Data Will End

The Director of National Intelligence announced today that the NSA analysis of "section 215" telephone records previously gathered will end when the USA FREEDOM Act goes into effect on November 29, 2015. Earlier this month, the U.S. Surveillance Court ruled that the NSA could continue collecting records during a 180 day transition period, despite an earlier decision finding the program was unlawful. In 2012, EPIC testified before the House Judiciary Committee on the need to reform the Surveillance Court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.

July 28, 2015

In the States: NH Adopts Location Privacy Law

New Hampshire has enacted a strong location privacy law that requires a judicial warrant for access to cell phone location data. New Hampshire joins several other states that protect the privacy of cell phone location records, by public law or court decision. EPIC has filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking by the government is a search under the Fourth Amendment and should be conducted only with a judicial warrant.

New OECD Report Finds Increased Privacy Concern, Lagging National Policies

The OECD Digital Economy Outlook 2015 explores recent developments in the digital economy. The OECD report finds that Internet "users are increasingly concerned, 64% of respondents are more concerned about privacy than they were a year ago" even as few countries include online privacy in national digital strategies.The OECD also warns that the "Internet of Things" will lead to the rise of autonomous machines. Civil society groups are planning to report to the OECD at the 2016 Ministerial Meeting on the Digital Economy.

July 29, 2015

Federal Appeals Court Recognizes "Substantial Risk of Future Harm"

In a landmark opinion, the Seventh Circuit Court of Appeals has ruled that a class action lawsuit against Neiman Marcus may continue because of the ongoing risk to customers whose personal information was compromised in a data breach. The case stems from a breach of the Neiman Marcus customer database that led to the release of 350,000 credit cards and exposed more than 9,200 customers to fraud. A lower court ruled that since the identified fraud victims had been reimbursed, Neiman Marcus was off the hook for future claims. However, the Seventh Circuit ruled that the plaintiffs, customers who were not yet aware of fraud, faced a "substantial risk of future harm," and that risk was enough to allow the class action to continue. According to the Federal Trade Commission, identity theft remains the top concern of American consumers.

July 30, 2015

California Supreme Court to Review License Plate Records Case

The California Supreme Court has granted review of a lower court decision that prevented public release of information about "automated license plate readers." The lower court held that the information about the system to gather license plate data on all motorists was an "investigative record." EPIC urged the California Supreme Court to review the matter, stating, "as the government's ability to collect information about individuals has expanded, open record laws have become an important tool for government oversight." Documents obtained by EPIC about the FBI's use of license plate readers showed the agency failed to address the system's privacy implications.

In Appellate Brief, EPIC Argues for Limitations on Government Digital Searches

In an amicus brief to the U.S. Court of Appeals for the Second Circuit, EPIC argued that there are Constitutional limits on government searches of electronic storage devices. EPIC urged affirmance of United States v. Ganias, which held that the Government violated the Fourth Amendment by retaining files seized years earlier. After the government appealed, the court agreed to rehear the case. EPIC argued that data minimization practices should be followed for electronic searches, particularly after the Supreme Court's decision in Riley v. California. EPIC endorsed the approach set out in United States v. Comprehensive Drug Testing, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. In Quon v. City of Ontario, CA (2012), EPIC recommended that the Supreme Court adopt a similar approach.

After Losing Appeal, Google Moves to Block Scope of European Privacy Right

Google has indicated that it does not intend to comply with a judgement of the high court in Europe after earlier losing its appeal in Google v. Spain. Earlier this year, the French Data Protection agency, consistent with the landmark decision of the European Court of Justice, instructed Google to delist certain links in all domains in which the search company operates. A recently leaked version of a Google transparency report found that the vast majority of requests for delisting concern private matters of private individuals. Support for the "right to be forgotten" continues to grow around the world with courts in Japan, Canada, and the United States acknowledging similar claims.

About July 2015

This page contains all entries posted to epic.org in July 2015. They are listed from oldest to newest.

June 2015 is the previous archive.

August 2015 is the next archive.

Many more can be found on the main index page or by looking through the archives.