« May 2016 | Main | July 2016 »

June 2016 Archives

June 1, 2016

EPIC, Coalition Seeks Time to Review FBI Biometric Database

EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies. Errors plague the NGI database. In a FOIA caseEPIC v. FBI, EPIC obtained documents, which showed that the FBI accepted a 20% error rate for facial recognition matches.

Continue reading "EPIC, Coalition Seeks Time to Review FBI Biometric Database" »

June 4, 2016

EPIC Propose Privacy, Security Protections for "Internet of Things"

EPIC has recommended new safeguard for the “Internet of Things.” EPIC proposed laws requiring companies to adopt Privacy Enhancing Technologies, promote data minimization, and ensure security for IoT devices. EPIC also recommend a prohibition on tracking, profiling, and monitoring of consumers using IoT services. As EPIC explained, “Protecting consumer privacy will become increasingly difficult as the Internet of Things becomes increasingly prevalent.” EPIC has worked extensively on the risks of the Internet of Things, including connected cars and “smart homes.”  An EPIC complaint concerning “always on” devices, such as “smart TVs,” is pending at the Federal Trade Commission.

June 6, 2016

EPIC, Coalition Petitions Education Department for Data Security Rules for Student Records

EPIC, legal scholars, technical experts, and many leading privacy organizations have petitioned the Education Department to establish a data security rule to protect student records. The experts and groups explained that data breaches now plague schools and colleges across the country, following recent changes to the Family Educational Rights and Privacy Act. The petition calls for the establishment of rules for  encryptionprivacy enhancing techniques, and breach notification.

June 7, 2016

EPIC Gives Awards to Gertner, Soltani, and Wolf

At the National Press Club in Washington, DC, EPIC presented the 2016 EPIC Lifetime Achievement Award to lawyer Chris Wolf, the 2016 EPIC Privacy Champion Award to technologist Ashkan Soltani, and the 2016 EPIC Champion of Freedom Award to judge and law professor Nancy Gertner. The EPIC awards are presented annually to those who protect privacy, open government, and democratic institutions with courage and integrity. Manoush Zomorodi, podcaster of Note to Self, and Bruce Schneier, security technologist, cohosted.

June 9, 2016

EPIC FOIA: Secret Drone Task Force Ignored Privacy Concerns

second batch of previously secret documents show that the government’s secret drone task force ignored public concerns about drone surveillance. Included in the documents are opening remarks by FAA Administrator Michael Huerta, who urged the task force to take into consideration “the interests of all stakeholders,” but who declined to invite any privacy or consumer advocates to the closed door meetings. The newly released records stem from EPIC v. DOT, a lawsuit filed to uncover records relating to the private meetings held last November in Washington, DC between agency officials and industry representatives. EPIC expects to obtain more documents from the agency.

June 10, 2016

EPIC Hosts Policy Forum at National Press Club

EPIC brought together privacy, security, and policy experts for a panel discussion at the National Press Club around the theme “Data Protection 2016.” Panelists explored voter privacy issues, including voter ID and online voting, and also privacy issues that could arise in the 2016 election cycle. Participants included members of the EPIC Advisory Board, representatives of the Brennan Center and Verified Voting, and the UN Rapporteur on the Right to Privacy.

EPIC Presses House Leaders on "Data Protection"

At a symposium organized by the Council on Foreign Relations, EPIC President Marc Rotenberg asked Republican leaders in the U.S. Congress whether "data protection" should be a campaign issue in 2016. Rep. Goodlatte, who chairs the House Judiciary Committee, responded "I very much believe it should be and is an issue in this election." He pointed to his own work to update the Electronic Communication Privacy Act (ECPA), "because that is an enhancement of the protection of people's privacy that I think they want and expect." Rep. McCaul, who chairs the House Homeland Security Committee, noted "in the cybersecurity bill we passed we met very closely with the privacy advocates. That was very important to me that we protect personally identifying information as we try to share these malicious codes." EPIC has launched a non-partisan campaign to make Data Protection a campaign issue in 2016.

House to Consider Overdue FOIA Reform Bill

Congress is poised to take up a FOIA reform bill next Monday. The bill would require federal agencies to operate under a "presumption of openness" and places time limits on agency responses, improvements that EPIC has long supported. EPIC routinely uses the Freedom of Information Act to promote government oversight and agency accountability. July 4, 2016 will mark the 50th anniversary of the enactment of the FOIA.

June 13, 2016

EPIC Tells Congress FCC is "Under Reaching" on Privacy

EPIC has sent a letter to the House Energy and Commerce Committee in advance of a hearing on “FCC Overreach: Examining the Proposed Privacy Rules.” EPIC described the shortcomings of the ”notice and choice” privacy framework and pointed to growing levels of public concern in the United States about Internet privacy.  EPIC said that the FCC’s proposed privacy rules are a modest first step and that the Communications Communication has legal authority to go much further to safeguard American consumers. EPIC has repeatedly urged the Commission to broaden the scope of the proposed privacy rules.

June 15, 2016

GAO Report: FBI’s Use of Face Recognition Fails on Privacy and Accuracy

The Government Accountability Office released a report today detailing the FBI’s failure to conduct a privacy audit of the agency’s use of facial recognition or adequately test the accuracy of the technology. EPIC and a coalition of public interest groups recently urged the Justice Department to extend the public comment period for the FBI’s Next Generation Identification database, which includes facial recognition capabilities. Previous Freedom of Information Act requests by EPIC showed that the agency had numerous agreements with states to access driver license photos for facial recognition searches and that technical specifications allowed for a 20% search error rate.

June 17, 2016

EPIC's Rotenberg Outlines Need for International Privacy Framework

Speaking at the Council of Europe in Strasbourg, EPIC President Marc Rotenberg outlined the need for the US to ratify the International Privacy Convention. Rotenberg said it was "unlikely that the Privacy Shield will survive another trip to Luxembourg." The Privacy Shield is a proposed arrangement for EU-US data transfers that has come under criticism from European consumer groups, NGOs, privacy officials, and the EU Data Protection Supervisor. In 2009, more than 100 privacy groups and experts endorsed the Council of Europe Privacy Convention. In 2010 members of the EPIC Advisory Board urged then Secretary of State Hilary Clinton to seek US ratification of the Privacy Convention.

June 20, 2016

Supreme Court Weakens Fourth Amendment Protections During Police Stops

In Utah v. Strieff, the U.S. Supreme Court held today that an outstanding arrest warrant can attenuate “the connection between an unlawful stop and the evidence seized incident to arrest.” The holding reverses the Utah Supreme Court, which had suppressed evidence obtained by an officer who stopped Strieff illegally and ran his ID to look for outstanding warrants. EPIC and 22 technical experts filed an amicus brief, warning the Court that reversing the Utah court would allow vast amounts of personal data stored in government databases—much of it inaccurate—to provide post hoc justification for unlawful seizures.

EPIC, NGOs Host Civil Society Forum at OECD Ministerial

EPIC, in coalition with civil society organizations from around the world, is hosting "Toward an Inclusive, Equitable, and Accountable Digital Economy." The forum is organized under the auspices of the Civil Society Information Society Advisory Council (CSISAC), "the voice of civil society at the OECD," in conjunction with the OECD Ministerial on the Digital Economy. The CSISAC Forum features NGO leaders, technology experts and government decision makers. The Forum is an out growth of the Public Voice campaign to promote civil society participation in decisions concerning the future of the Internet. Similar NGO meetings were held in Ottawa in 1998 and Seoul in 2008.

EPIC Scrutinizes DoD “Insider Threat” Database

In comments to the Department of Defense, EPIC criticized a proposed “Insider Threat” database that would gather virtually unlimited amounts of personal data on individuals based on broad and ambiguous standards. EPIC urged DoD to limit the scope of data collection and drop proposed Privacy Act exemptions. Citing the recent surge in government data breaches, including the breach of 21.5 m records at OPM, EPIC warned that DoD data practices pose a risk to federal employees. EPIC has consistently warned against inaccurateinsecure, and overbroad government databases, and recently filed comments on a similarly flawed DHS database.

June 21, 2016

States Adopt New Student Privacy Safeguards

Several states have recently enacted new student privacy laws. Colorado and Connecticut’s laws impose strict requirements on those who collect student data. Connecticut also requires that parents are notified each time a school district enters into a contract that involves student data.  North Carolina enacted a student privacy law modeled after California's Student Online Personal Information Protection Act. The National Association of State Boards of Education reported that 38 states considered student privacy legislation in 2016. Ten of those states passed student privacy laws. EPIC has urged the enactment of a comprehensive student privacy bill of rightsEPIC's State Policy Project is monitoring privacy bills nationwide.

FAA Approves Commercial Drones Without Privacy Safeguards

The FAA released the final rule on commercial drones today. Despite nearly 180 comments regarding the privacy risks of drones, the FAA failed to address the privacy risks of deploying commercial drones into the national airspace. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. EPIC also recommended the FAA implement a national database detailing the surveillance capabilities of commercial drones. The FAA has repeatedly acknowledged the privacy risks of drone deployment, but has so far refused to adopt any privacy safeguards.

FOIA Ombudsman Recommends Changes to Use of "Still Interested" Letters

The FOIA ombudsman has issued the third part of a report on the use of "still interested" letters (part 1part 2). Such letters are used by federal agencies to prematurely terminate FOIA requests. In 2014, an EPIC-led coalition urged the Office of Government Information Services to investigate the pervasive use of such letters. Today’s report recognizes that this agency practice is "not addressed in the FOIA statute or in agency regulations,” and that reporting on the practice is inconsistent. The FOIA ombudsman  urged agencies to provide additional guidance on the use of such letters, and to document the practice in annual reporting. Congress recently passed legislation to strengthen the FOIA, which the President is expected to sign.

June 22, 2016

EPIC Promotes Privacy, Data Protection at OECD Ministerial

Speaking at the OECD Ministerial Conference on the Digital Economy, EPIC President Marc Rotenberg emphasized that there cannot be trade-offs between innovation and human rights. Citing widespread public concerns, Rotenberg urged the OECD member countries to address the challenge of privacy and security. "We cannot have a sustainable, inclusive economy if we cannot solve the problem of trust." EPIC collaborated with civil society groups to host the forum "Toward an Inclusive, Equitable, and Accountable Digital Economy."

June 23, 2016

EPIC, Coalition Demand Congressional Oversight of FBI's Vast Biometric Database

Today EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI’s massive biometric database and the risks of facial recognition technology. The letter follows the FBI’s recent proposal to exempt the "Next Generation Identification” database from Privacy Act safeguards—including requirements for accuracy, relevancy, and transparency. The civil liberties organizations said that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.” In the EPIC v. FBI FOIA case, EPIC obtained documents which revealed high error levels in the biometric database.

High Court Extends Fourth Amendment Protections to DUI Blood Tests

In Birchfield v. North Dakota, the U.S. Supreme Court today held that states cannot criminalize an individual’s refusal to submit to a warrantless blood test. The Court also found that the Fourth Amendment does not allow warrantless blood tests incident to arrest, but does permit warrantless breath tests. In the 2013 case Maryland v. King, EPIC urged the Supreme Court to protect genetic privacy by extending Fourth Amendment protections the collection of DNA from arrestees. In that case, the Supreme Court held that a cheek swab incident to an arrest was permissible.

June 27, 2016

Court Misunderstands Internet Tracking in Video Privacy Case

The Third Circuit today rejected claims brought against Nickelodeon under the Video Privacy Protection Act, holding that IP and MAC addresses are not “personally identifiable information.” The opinion contradicts a First Circuit decision from earlier this year, which found that a unique Android ID and GPS coordinates constituted PII under the VPPA. The circuit split increases the possibility of U.S. Supreme Court review. The Court did find that plaintiffs could sue under state privacy law. EPIC filed an amicus brief, arguing that Congress defined PII as “purposefully broad to ensure that the underlying intent of the Act—to safeguard personal information against unlawful disclosure—is preserved as technology evolves.”

In EPIC FOIA Case, Court Orders DEA to Explain Secrecy about Massive Telephone Data Program

A federal court in Washington, DC ruled today that the DEA’s explanation for withholding from EPIC certain information about "Hemisphere," a massive telephone record collection program, was legally insufficient. The Court ordered the DEA to release the information requested to EPIC or provide specific reasons for the withholding. EPIC filed the FOIA lawsuit after press reports about Hemisphere, which is broader in scope than the NSA’s bulk data program.  DEA continues to keep secret the names of the companies involved and the federal agencies given access to the telephone records of American consumers.

June 29, 2016

Privacy Shield Revisions Fail to Satisfy Legal Requirements

A revised draft of the Privacy Shield included some modifications on the scope of US bulk data collection, the role of the "ombudsperson," and data erasure but fails to resolve flaws previously identified by European data protection authorities and the European Data Protection Supervisor. EPIC and an international coalition of NGOs previously called for substantial changes in the Privacy Shield to respect the fundamental rights to privacy and data protection.

About June 2016

This page contains all entries posted to epic.org in June 2016. They are listed from oldest to newest.

May 2016 is the previous archive.

July 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.