epic.org: June 2017 Archives

EPIC to Host Cybersecurity Policy Panel At National Press Club

On Monday, June 5th, EPIC will host a policy panel at the National Press Club to discuss "Democracy & Cybersecurity: Preserving Democratic Institutions." EPIC Is currently litigating three of the leading open government cases concerning Russian interference with the 2016 Presidential election. Speakers include Steven Aftergood of the Federation of American Scientists, Alan Butler, Senior Counsel at EPIC, Professor Jennifer Daskal, and renowned security expert Bruce Schneier. The panel will be hosted by Manoush Zomorodi of WNYC's "Note to Self." Register at https://epic.org/events/cybersecurity/.

Posted by EPIC on June 1, 2017 6:10 PM | Permalink

Supreme Court to Hear Case on Privacy of Cell Phone Location Data

The U.S. Supreme Court has granted review in Carpenter v. United States, a case concerning the privacy of cell phone location data. At issue is data that can be used to track cell phone users and whether police are required to obtain warrants to conduct these searches. A lower court ruled that the Fourth Amendment does not require officers to get a warrant before they obtain location records from a cell phone provider. In State v. Earls, EPIC successfully argued that a warrant is required under the New Jersey constitution. EPIC will file an amicus in Carpenter supporting the application of the warrant standard to obtain location data.

Tags:

Posted by EPIC on June 5, 2017 11:40 AM | Permalink

EPIC Awarded Nearly $100,000 in Internet Surveillance Case

A federal judge in Washington, DC has issued a final order granting EPIC substantial attorney's fees in a long-running case against the Department of Homeland Security. EPIC sued the DHS in 2012 for information about a secret program to monitor Internet traffic. The "Cyber Pilot" program applied originally to defense contractors, but an executive order dramatically expanded the program, raising concerns about violations of federal wiretap law. EPIC's lawsuit produced the release of several thousand pages on the program. EPIC sought attorneys fees for the successful litigation, which the DHS opposed. In November, Judge Gladys Kessler ruled that EPIC was entitled to attorney's fees because it "substantially prevailed in [the] litigation" and added "to the fund of information that citizens may use in making vital political choices." On Monday, Judge Kessler confirmed that decision and awarded EPIC nearly $100,000 in fees—the largest such award in EPIC's history.

Tags:

Posted by EPIC on June 5, 2017 1:15 PM | Permalink

Pew Survey Explores Internet of Things

The Pew Research Center has released a report surveying experts about the security implications of the Internet of Things. The survey found a broad consensus that growth in the IoT will bring with it an increased risk of real-world physical harm. "The essential problem is that it will be impractical for people to disconnect," said EPIC President Marc Rotenberg in the survey. "Cars and homes will become increasingly dependent on internet connectivity. The likely consequence will be more catastrophic events." The ACM recently released a Statement of IoT Privacy and Security, which lists principles for protecting privacy and security in IoT devices. EPIC has been at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices.

Tags:

Posted by EPIC on June 6, 2017 11:50 AM | Permalink

EPIC Urges Senate Committee To Reform Surveillance Law

In advance of a hearing on the Foreign Intelligence Surveillance Act, EPIC has sent a Statement to the Senate Select Committee on Intelligence urging increased transparency and new public reporting of the Government's surveillance activities. EPIC also highlighted several legal challenges to an NSA bulk surveillance program abroad. The bulk surveillance program for the communications of non-U.S. persons, sunsets on December 31, 2017. EPIC testified before the House Judiciary Committee during the 2012 FISA reauthorization hearings, recommended improved public reporting, and warned pre-Snowden that the extent of mass surveillance was much greater than was known to the public.

Tags:

Posted by EPIC on June 6, 2017 2:50 PM | Permalink

Leaked Document Details Russian Interference Efforts in 2016 Election

A National Security Agency document leaked to The Intercept details Russian attempts to interfere in the 2016 Presidential Election via cyber attacks. The document concludes that the attacks were carried out by Russian military intelligence and involved spear-phishing emails and a cyber attack on a private manufacturer of devices that maintain and verify the voter rolls. EPIC Is currently litigating EPIC v. ODNI, EPIC v. FBI, and EPIC v. IRS, three of the leading open government cases concerning Russian interference with the 2016 Presidential election.

Tags:

Posted by EPIC on June 6, 2017 3:10 PM | Permalink

EPIC Urges Senate to Ask Comey About FBI Response to Russia Attack

In advance of the hearing with former FBI Director James Comey, EPIC has sent a statement to the Senate Intelligence Committee. EPIC urged the Committee to ask Comey whether FBI Victim Notification procedures were followed in notifying the DNC and the RNC once the FBI became aware of the Russian cyberattack on US political organizations. In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community.” The obvious question at this point is whether the FBI followed the required procedures for Victim Notification once the Bureau became aware of this attack.

Tags:

Posted by Caitriona Fitzgerald on June 7, 2017 7:23 AM | Permalink

EPIC Obtains Reports on Runaway Army Blimp

As the result of a FOIA Request, EPIC has obtained nearly two hundred pages of reports about the Army surveillance blimp that broke free and crash landed in Pennsylvania. In 2015 the blimp roamed the East Coast before its crash and caused blackouts across the Pennsylvania countryside as it downed power lines. The documents obtained by EPIC include technical reports, a field investigation, and maintenance worksheets. The reports reveal the tail of the blimp failed, raising questions about the government's maintenance of the controversial and very expensive surveillance program. Through an earlier FOIA lawsuit, EPIC uncovered details about the plan to deploy the surveillance blimp over Washington, DC. The Runaway Blimp launched an Internet meme.

Tags:

Posted by EPIC on June 7, 2017 4:35 PM | Permalink

FCC Responds to EPIC's Petition, Seeks Public Comment on Data Retention Mandate

The FCC is seeking comments on an EPIC's petition to revoke the FCC's rule requiring mandatory retention of phone records. Current FCC regulations require phone companies to retain sensitive information on all telephone customer calling activity for 18 months, including telephone numbers dialed, date, time, and call length. The petition, filed in August 2015, states that the FCC's mandate "violates the fundamental right to privacy, exposes consumers to data breaches, stifles innovation, and reduces competition. It is outdated and ineffective. It should end." The EPIC petition is supported by a broad coalition of civil liberties organizations, technical experts, and legal scholars. The FCC docket number is 17-130. Comments are due on June 16, 2017.

Tags:

Posted by EPIC on June 7, 2017 5:45 PM | Permalink

EPIC Urges DHS To Abandon Privacy Act Exemptions for ICE Database

In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions. The FALCON database contains detailed personal information on ICE and CBP employees, and individuals associated with ICE investigations including victims and witnesses. For this government database, DHS has proposed to exempt itself from several Privacy Act protections including ensuring that the records are accurate, timely, and complete. EPIC has consistently warned against inaccurate, insecure, and overbroad government databases. The FBI recently postponed an "Insider Threat" database that also lacked adequate Privacy Act safeguards.

Tags:

Posted by EPIC on June 8, 2017 4:30 PM | Permalink

EPIC to Congress: Data Protection Needed for Financial Technologies

EPIC submitted a statement to a House Committee hearing on financial technologies on the risks with new financial services. Companies now use social media data and secret algorithms to make determinations about consumers. They are also reaching out, through the "Internet of Things," to control consumers. EPIC's recently filed a complaint with the CFPB about "starter interrupt devices," deployed by auto lenders to remotely disable cars when individuals are late on their payments.

Tags:

Posted by EPIC on June 9, 2017 11:05 AM | Permalink

EPIC In Court: Irish Court Reviews U.S. Surveillance Developments

The Irish High Court has reviewed recent decisions by the U.S. surveillance court and a federal appeals court for a case on the legality of Facebook's transfers of personal data from the EU to the United States. EPIC explained that the modifications to the NSA's "Upstream" program were significant, but emphasized that the scathing rebuke of the NSA's prior violations and "institutional lack of candor" show that there are not adequate limitations in the US on mass surveillance. And Congress has been unwilling so far to modify the Section 702 collection authority. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all.

Posted by EPIC on June 9, 2017 11:20 AM | Permalink

Senator Feinstein Proposes Reforms to Broad Spying Authority

Senator Dianne Feinstein, the former chair of the Senate Intelligence Committee, today outlined reforms to Section 702 surveillance authority. The law, which allows the NSA "PRISM" and "Upstream" surveillance programs, is set to expire at the end of this year. Senator Feinstein would end permanently the NSA's "about" searches, expand the amicus role at the intelligence court, and require the continued sunsetting of FISA authorities created in the The FISA Amendments Act of 2008. In 2012, EPIC testified before Congress on the need to establish better oversight for Section 702 prior to renewal.

Tags:

Posted by EPIC on June 9, 2017 1:35 PM | Permalink

EPIC to House: FAA Must Establish Drone Privacy Safeguards

EPIC sent a statement to the House Committee on Transportation & Infrastructure ahead of a hearing on FAA Reauthorization. Emphasizing the unique privacy risks of drones, EPIC explained that the FAA has failed to establish necessary safeguards. In 2015, EPIC sued the agency, arguing that it failed to comply with Congressional directives. Following a petition by EPIC, the agency received hundreds of comments in support of privacy rules. EPIC also told Congress that the FAA has excluded privacy experts from the agency task force on drone policy.

Tags:

Posted by EPIC on June 9, 2017 2:55 PM | Permalink

EPIC Gives Freedom Awards to Goldberg, Kasparov, Rivest, and Wald

At the National Press Club in Washington, DC, EPIC presented the 2017 EPIC Lifetime Achievement Award to computer scientist Ron Rivest, the 2017 EPIC Privacy Champion Award to privacy attorney Carrie Goldberg, and the 2017 EPIC Champion of Freedom Awards to judge Patricia Wald and human rights advocate Garry Kasparov. The EPIC awards are presented annually to those who protect privacy, open government, and democratic institutions with courage and integrity. Manoush Zomorodi, podcaster of Note to Self, and Bruce Schneier, security technologist, cohosted. Remarks of Judge Wald.

Posted by EPIC on June 5, 2017 3:50 PM | Permalink

EPIC Tells House Committee to Ensure Telemarketing Rules Protect Consumers

EPIC has sent a statement to the House Judiciary Committee in advance of the hearing on "Lawsuit Abuse and the Telephone Consumer Protection Act." The telemarketing law bars telemarketers and robocallers from contacting consumers by phone fax, or text without prior consent. EPIC acknowledged that class action settlements often fail to provide direct financial benefits to consumers, but explained that "TCPA cases are among the most effective privacy class actions because they typically require companies to change their business practices to comply with the law." Last year, EPIC filed an amicus brief in support of TCPA protections for consumers. EPIC has also testified before Congress about the telemarketing law and submitted many comments concerning its implementation.

Tags:

Posted by EPIC on June 12, 2017 3:00 PM | Permalink

EPIC to Congress: Ask ICE About FOIA Compliance

EPIC has sent a statement to the House Appropriations Committee in advance of a budget hearing for Immigrations and Customs Enforcement and Customs and Border Patrol. EPIC urged the Committee to ask whether ICE is complying with FOIA "when it receives requests for immigration data." EPIC and a coalition recently sent a letter to DHS Secretary Kelly calling on ICE to "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." EPIC also said the Committee should ensure that CBP, which is now deploying drones, will comply with state laws and a 2015 Presidential Memorandum that limit drone surveillance.

Tags:

Posted by EPIC on June 12, 2017 5:00 PM | Permalink

EPIC Launches Campaign to End FCC Data Retention Mandate

EPIC launched the "My Calls, My Data" campaign today, urging the public to support a proposal to end the FCC's data retention mandate. The 1986 regulation requires telephone companies to keep the telephone numbers dialed, date, time, and call length of all U.S. telephone customers for an 18-month period. An EPIC-led coalition filed a petition in 2015 calling for repeal of the rule, saying that the FCC's mandate "violates the fundamental right to privacy, exposes consumers to data breaches, stifles innovation, and reduces competition." The FCC is now seeking comments. "There is hardly a better regulation to end than the FCC's data retention mandate," said EPIC President Marc Rotenberg. "It is ineffective, burdensome, and costly." Comments may be filed online and are due by June 16, 2017.

Tags:

Posted by EPIC on June 13, 2017 9:35 AM | Permalink

EPIC Urges House Committee to Back Consumer Safeguards for Internet of Things

EPIC has sent a statement to the House Energy and Commerce Committee in advance of a hearing on "IOT Opportunities and Challenges." EPIC raised the "significant privacy and security risks" of the Internet of Things. A recent report from the Pew Research Center on the Internet of Things underscores the need to develop new safeguards for what some call "The Internet of Broken Things." EPIC has been at the forefront of policy efforts to establish safeguards for connected cars, "smart homes," consumer products, and "always on" devices.

Tags:

Posted by EPIC on June 13, 2017 10:50 AM | Permalink

European Privacy Officials Push for Answers on Status of U.S. Privacy

The Article 29 Working Party, an expert group of European privacy officials, is pressing the European Commission to closely evaluate the EU-US Privacy Shield, a framework permitting the flow of European consumers' personal data to the United States. In a letter to the Commission, the Working Party outlined its expectations for this summer's annual review of the arrangement. The Group asked for "precise evidence" that bulk surveillance is "limited and proportionate." The Article 29 also seeks information about vacancies in key privacy oversight positions, including the Privacy and Civil Liberties Oversight Board and the Privacy Shield Ombudsperson, and any legal protections for "automated decision making." The European Parliament previously expressed alarm over the rollback of U.S. privacy safeguards necessary for the Privacy Shield. In 2015, EPIC and a coalition of privacy organizations urged the US and the EU to strengthen privacy protections following a landmark decision that found insufficient legal protections for the transfer of consumer data to the US. At a hearing before the High Court of Ireland, EPIC Senior Counsel Alan Butler made submissions in DPC v. Facebook, highlighting weaknesses in US privacy law.

Tags:

Posted by EPIC on June 13, 2017 11:05 AM | Permalink

EPIC Joins Call to Keep Surveillance Transparency Promise

EPIC and over 30 organizations urged the Director of National Intelligence Dan Coates to uphold a promise to provide a public estimate of how many Americans are caught up in NSA surveillance of foreign targets. The coalition, including EPIC, previously pushed for the estimate. Americans' communications are "incidentally" collected under section 702 of the Foreign Intelligence Surveillance Act, and the FBI searches this data without a warrant or judicial oversight. EPIC, in testimony before Congress and comments to the Privacy and Civil Liberties Oversight Board, has repeatedly called for greater oversight and transparency of surveillance authorities.

Tags:

Posted by EPIC on June 13, 2017 3:45 PM | Permalink

Court Rules Secret Scoring of Teachers Unconstitutional

A federal district court has held that firing public school teachers based on the results of a secret algorithm is unconstitutional. The case, Houston Federation of Teachers vs. Houston Independent School District, concerned a commercial software company's proprietary appraisal system that was used to score teachers. Teachers could not correct their scores, independently reproduce their scores, or learn more than basic information about how the algorithm worked. "When a public agency adopts a policy of making high stakes employment decisions based on secret algorithms incompatible with minimum due process, the proper remedy is to overturn the policy," the court wrote. EPIC recently filed a complaint asking the FTC to stop the secret scoring of young tennis players. EPIC has pursued several cases on "Algorithmic Transparency," including one for rating travelers and another for assessing guilt or innocence.

Tags:

Posted by EPIC on June 13, 2017 3:50 PM | Permalink

DOJ Requests $21.6 million to Tackle Encryption

During a Senate Appropriations budget hearing today, Deputy Attorney General Rosenstein said that the use of unbreakable encryption "severely impairs our ability to conduct investigations." The Department of Justice is requesting $21.6 million to "counter the treat of Going Dark." Last year, EPIC filed an amicus brief in Apple v. FBI in support of encryption. EPIC argued that the "security features in dispute in this case were adopted to protect consumers from crime." EPIC explained that an order to compel Apple to take extraordinary measures to undo these features places at risk millions of cell phone users across the United States.

Tags:

Posted by EPIC on June 13, 2017 3:55 PM | Permalink

IRS Opposes EPIC's FOIA Suit for Trump Tax Returns

The Internal Revenue Service has asked a court to dismiss EPIC's FOIA lawsuit for President Donald Trump's tax records. EPIC filed the suit on April 15 after the IRS refused to consider a FOIA request for the President's returns. As EPIC told the court, "There has never been a more compelling FOIA request presented to the IRS." EPIC also explained that IRS Commissioner is empowered to release tax returns to "correct misstatements of fact" and to ensure the "integrity and fairness" of the tax system. In yesterday's filing, the IRS conceded that "the FOIA provides an adequate remedy in this case" but insisted that the agency did not have to process EPIC's request or release any records.

Tags:

Posted by EPIC on June 13, 2017 4:00 PM | Permalink

EPIC Tells Congress US-UK Surveillance Agreement Should be Made Public

EPIC has sent a statement to the House Judiciary Committee for a hearing on "Data Stored Abroad." According to news reports, the United States and the United Kingdom are drafting a secret agreement for transnational access to personal data that would bypass legal and judicial safeguards. In November 2016, EPIC filed a FOIA Request for the draft US-UK agreement. The Justice Department recently informed EPIC that responsive documents had been located and would be referred to the State Department for additional processing. EPIC has long pursued public release of international agreements. In 2016, EPIC obtained the "Umbrella Agreement," concerning the transfer of personal data from the EU to the US, after a successful Freedom of Information Act lawsuit.

Tags:

Posted by EPIC on June 14, 2017 4:40 PM | Permalink

News Report: FTC to Act on EPIC's Uber Complaint

According to news reports, the FTC is pursuing EPIC's privacy complaint regarding Uber. In 2015, EPIC filed a complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details was an unlawful and deceptive trade practice. EPIC cited Uber's history of misusing customer data as one of many reasons the Commission should act. EPIC has previously pursued successful FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. The FTC complaints typically lead to settlements following a change in business practices. EPIC has also recommended comprehensive privacy legislation for Uber.

Tags:

Posted by EPIC on June 15, 2017 11:15 AM | Permalink

EPIC Seeks "Long Standing" DOJ Policy for Withholding Communications from Congress

EPIC has filed an urgent Freedom of Information Act request for the "long standing" DOJ policy for withholding from Congress communications between the Attorney General and the President. On June 13, 2017 Attorney General Sessions testified before the Senate Select Committee on Intelligence regarding the Russian interference in the 2016 Presidential election. The Attorney General refused to answer many questions, citing a "long standing" DOJ practice not to share "communications" between the AG and the President or "comment on [such] conversations" for "confidential reasons." EPIC has filed a formal FOIA request with the Department of Justice seeking public release of the DOJ policy, described by the Attorney General.

Posted by EPIC on June 16, 2017 11:55 AM | Permalink

EU Parliament Releases Draft Report on ePrivacy Directive

The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs has released a draft report on regulations for privacy and electronic communications. The draft contains several proposals to strengthen online privacy, including end-to-end encryption in all electronic communications and a ban on encryption backdoors. Protecting the privacy of communications is "an essential condition for the respect of other related fundamental rights and freedoms," according to the report. EPIC has urged the FCC to follow developments with the ePrivacy Directive and has recommended the use of end-to-end encryption in applications including commercial e-mail and connected cars.

Tags:

Posted by EPIC on June 19, 2017 9:00 AM | Permalink

Supreme Court: Social Media Ban Violates First Amendment

The U.S. Supreme Court ruled today in Packingham v. North Carolina, striking down a state law that barred people listed on a sex offender registry from accessing commercial websites that allow minors to register and communicate. The North Carolina ban covered major news sites such as the Washington Post and CNN. "[T]o foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights," the Court wrote. "Even convicted criminals—and in some instances especially convicted criminals—might receive legitimate benefits from these means for access to the world of ideas, in particular if they seek to reform and to pursue lawful and rewarding lives." EPIC filed an amicus brief in the case, joined by 30 technical experts and legal scholars, explaining that the state law violated the right to receive information, censored vast amounts of speech unrelated to protecting minors, and encouraged widespread government monitoring of all internet users. Justice Ginsburg quoted EPIC's brief at oral argument, and the justices' written opinions noted policies and studies cited in the EPIC brief. EPIC frequently files amicus briefs on emerging privacy and civil liberties issues.

Tags:

Posted by EPIC on June 19, 2017 11:10 AM | Permalink

EPIC Urges Swift Action on FCC Data Retention Mandate

In a statement to the Senate Committee on Appropriationst, EPIC asked Congress to obtain assurances from the FCC Chair to repeal the FCC regulation that requires telephone companies to keep customer's phone records for 18 months. EPIC warned that the regulation "places at risk the privacy of users of network services." Two years ago, EPIC, joined by consumer privacy organizations, technical experts, and legal scholars, submitted a formal petition to the FCC, calling for the repeal of the data retention ruie. The FCC recently docketed the petition and accepted public comments on the matter. All of the commentators favored the EPIC petition to end the mandate. The next step will be for the FCC to begin a Rulemaking to Repeal 47 C.F.R.§42.6 ("Retention of Telephone Records").

Tags:

Posted by EPIC on June 20, 2017 2:00 PM | Permalink

EPIC Recommendations for Tech Week Meeting: Protect U.S. Consumers

In advance of a White House / OSTP meeting on "emerging technologies," EPIC has sent a statement to the Office of Science and Technology Policy. EPIC urged the Administration to focus on consumer protection and address the numerous privacy and security risks related to the "Internet of Broken Things." EPIC recommended recommended Privacy Enhancing Technologies, data minimization, and security measures for Internet-connected devices. EPIC also urged the Administration to issue regulations on drone privacy as mandated by Congress and to establish minimum safety standards for connected cars. EPIC warned that "The unregulated collection of personal data and the growth of the Internet of Things has led to staggering increases in identity theft, security breaches, and financial fraud in the United States."

Tags:

Posted by EPIC on June 20, 2017 2:10 PM | Permalink

EPIC Urges Congress to Examine FBI's Biometric Identification Program

EPIC has sent a statement to the House Appropriations Committee in advance of a hearing on the FBI's budget. EPIC urged the Committee to examine the FBI's Next Generation Identification program. EPIC explained that the program "raises far-reaching privacy issues that implicate the rights of Americans all across the country." The FBI biometric database is one of the largest in the world, but the Bureau proposed to exempt the database from Privacy Act protections. EPIC and others supported strong safeguards for the program. In an early FOIA case against the FBI, EPIC obtained documents which revealed high error levels in the biometric database. EPIC has recently filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.

Tags:

Posted by EPIC on June 20, 2017 3:55 PM | Permalink

EPIC Urges Senate Intelligence to Ask FBI about Agency Response to Russia Attack

In advance of the hearing on Russian Interference with the 2016 U.S. Election, EPIC has sent a statement to the Senate Intelligence Committee. EPIC urged the Committee to ask the FBI witness whether the FBI Victim Notification procedures were followed once the FBI became aware of the Russian cyberattack on the DNC and the RNC. In a Freedom of Information Act lawsuit EPIC v. FBI, EPIC obtained the FBI notification procedures that would have applied during the 2016 Presidential election. The documents indicate that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community." The obvious question at this point, said EPIC, is whether the FBI followed the required procedures for Victim Notification once the Bureau became aware of this attack. In a related FOIA case, EPIC v. ODNI, EPIC is seeking the public release of the complete report of the intelligence community on the Russian interference with the 2016 election. EPIC sent a similar letter to the House Intelligence Committee.

Tags:

Posted by EPIC on June 20, 2017 5:05 PM | Permalink

Google to End Email Content Scanning

After a decade of controversy, Google announced that it will stop scanning the content of all Gmail. Google stopped scanning e-mails for education in 2014 after a lawsuit charged that it violated wiretap laws. Google faced similar allegations in many other cases in the United States and around the world. EPIC warned about Google's e-mail scanning practices back in 2005 and filed a complaint with the FTC in 2009 over the privacy risks in Google's insecure cloud computing services, including Gmail. In 2014, EPIC led a successful campaign to stop Google from scanning student emails for commercial advertising. Last year, EPIC filed a friend-of-the-court brief in a Massachusetts case, again objecting to Google's Gmail scanning. EPIC explained in 2005 that Google's email service undermined online privacy and prevented the adoption of important security methods, such as end-to-end encryption.

Tags:

Posted by EPIC on June 23, 2017 4:45 PM | Permalink

EPIC Urges Senate Judiciary Committee To Restore PCLOB to Full Strength

In advance of a hearing on the Foreign Intelligence Surveillance Act, EPIC has sent a statement to the Senate Judiciary Committee urging increased public reporting of the government's surveillance activities under section 702. EPIC also highlighted the need to restore the Privacy and Civil Liberties Board (PCLOB) to full strength. As Judge Patricia Wald recently stated in remarks at the EPIC Champions of Freedom Dinner, "an agency dedicated to protecting privacy and civil liberties inside the intelligence community with access to classified material is a uniquely valuable asset in the ever difficult search for the right balance between national security and democratic values." EPIC testified before the House Judiciary Committee in support of increased transparency during the 2012 FISA reauthorization hearings. Analysis of 702 reform by Prof. Laura Donohue.

Tags:

Posted by EPIC on June 23, 2017 4:55 PM | Permalink

Supreme Court Won't Review Ruling on Secretive Sentencing Algorithms

The Supreme Court has declined to review the ruling of a state court that upheld the use of a secret algorithm to determine a criminal sentence. The petitioner Loomis argued that he was not able to assess the fairness or accuracy of the legal judgement, and that the secret "risk assessment" algorithm therefore violated fundamental Due Process right. EPIC has pursued several related cases to establish the principle of algorithmic transparency in the United States. In EPIC v. DHS, EPIC obtained documents about secret behavioral algorithms that purportedly determine an individual's likelihood of committing a crime. In a series of state FOI cases, EPIC obtained records from state agencies about the use of propriety DNA analysis tools to determine guilt or innocence. EPIC is currently litigating EPIC v. CBP before the DC Circuit Court of Appeals, a case concerning the secret scoring of airline passengers by the federal government.

Tags:

Posted by EPIC on June 26, 2017 12:35 PM | Permalink

EPIC Pursues Release of Trump Tax Returns in IRS FOIA Case

EPIC filed a court brief Monday opposing an attempt by the Internal Revenue Service to dismiss EPIC's FOIA lawsuit for President Trump's tax returns. EPIC filed the suit for the tax records on April 15 after the IRS refused to process EPIC's FOIA Request for the President's returns. The IRS responded by asking the court to dismiss the case, insisting that the agency did not have to process EPIC's request because the President's consent had not been obtained. As EPIC told the court on Monday, the IRS focused on the wrong law, ignoring a provision that gives EPIC a right to access the President's tax records without consent. EPIC explained that the agency's argument "is irrelevant to the processing of this particular FOIA request." EPIC v. IRS is one of three leading open government cases concerning Russian interference with the 2016 Presidential election. In EPIC v. ODNI, EPIC is seeking the release of the complete report on the scope of the attack. In EPIC v. FBI, EPIC is seeking information about the FBI’s response to the attack.

Tags:

Posted by EPIC on June 27, 2017 9:35 AM | Permalink

TSA Proposal to Inspect Books at US Airports Raises First Amendment Concerns

The TSA is considering a requirement to remove books from carry-on luggage for inspection during security screenings. The procedure raises concerns that individuals may be singled out for their religious and political beliefs, implicating core First Amendment values. In 2015 a college student won a $25,000 settlement after he was detained by the TSA for carrying Arabic flash cards. EPIC has pursued litigation against invasive airport screening techniques. In EPIC v. DHS, EPIC successfully sued to require the Department of Homeland Security to obtain public comment on the use of body scanners in U.S. airports. The litigation also led to the removal the backscatter x-ray devices from airports. EPIC recently filed a FOIA request to determine why US travelers returning to the United States are subject to biometric identification. In numerous cases, including a recent case before the US Supreme Court, EPIC has argued for the freedom to without government surveillance.

Tags:

Posted by EPIC on June 27, 2017 9:40 AM | Permalink

EPIC v. ODNI: Intelligence Agency Opposes Release of Report on Russian Hacking

In a motion filed in EPIC v. ODNI, the government contends that it is not obligated to review a critical government report for even partial release under the Freedom of Information Act. EPIC filed the lawsuit for the release of the complete report on the Russian interference with the 2016 election after the ODNI published a limited, declassified version. "The ODNI should release the complete report to EPIC so that the public and the Congress can understand the full extent of the Russian interference with the 2016 Presidential election," EPIC President Marc Rotenberg told POLITICO. "It is already clear that government secrecy is frustrating meaningful oversight. The FBI, for example, will not even identify the states that were targeted by Russia." EPIC will challenge the agency's response as the litigation continues in federal district court in Washington, DC. EPIC v. ODNI is one of several FOIA suites EPIC is pursuing under the new EPIC Democracy and Cybersecurity Project focused on preserving democratic institutions. In EPIC v. IRS EPIC seeks release of President Trump's Tax records. In EPIC v. FBI, EPIC has already obtained the Bureau's procedures for notifying organizations that are the target of a cyber attack.

Tags:

Posted by EPIC on June 27, 2017 10:40 AM | Permalink

FTC Updates Guidance on Children's Privacy Law, Includes Connected Toys

The Federal Trade Commission has updated its guidance for businesses on complying with the Children's Online Privacy Protection Act. The new guidance clarifies that connected toys, Internet of Things devices, and other products intended for children must comply with the Act. "When companies surreptitiously collect and share children's information, the risk of harm is very real," FTC acting Chair Maureen Ohlhausen recently wrote. An EPIC-led coalition filed a complaint with the FTC in 2016 alleging that Intenet-connected dolls violate U.S. privacy law. EPIC's complaint spurred a congressional investigation and toy stores across Europe have removed Cayla from their shelves. The FTC acknowledged EPIC's complaint but has yet to act on it.

Tags:

Posted by EPIC on June 27, 2017 10:45 AM | Permalink

EPIC's Rotenberg Elected to CSISAC Steering Committee

EPIC President Marc Rotenberg was elected by members of the Civil Society Information Society Advisory Committee to a two-year term on the CSISAC Steering Committee. CSISC is "the voice of Civil Society at the OECD" on the future of the digital economy. CSISAC facilitates the exchange of information between the OECD and civil society. CSISAC follows the Seoul Declaration set out at the OECD Ministerial in South Korea in 2008. CSISAC recently hosted a forum, "Toward an Inclusive, Equitable, and Sustainable Digital Economy," in conjunction with the 2016 OECD Ministerial conference in Mexico.

Posted by EPIC on June 27, 2017 11:35 AM | Permalink

Google Faces Record Fine for Monopolistic Search Practices

European antitrust officials have imposed a $2.7 billion fine on Google for favoring its own services over competitors on Google search, which now dominates 90% of the market in Europe. It is the largest antitrust fine in European history. European Commissioner Margrethe Vestager stated "Google has abused its market dominance in search by promoting its own services and demoting its competitors. What Google has done is illegal under EU antitrust rules. It has denied other companies the chance to compete on the merits and to innovate. And most importantly, it has denied European consumers the benefits of competition, genuine choice, and innovation." Google competitors and news organizations, based in the United States, favored the outcome. Over many years, EPIC had urged the US government to take a closer look at Google's anti-competitive practices. In testimony before the Senate Judiciary Committee in 2007, EPIC warned that Google's growing dominance of online advertising would diminish user privacy and market competition. In a statement to the FTC in 2011, EPIC explained that Google altered the search rankings of YouTube after it acquired the company to preference Google's content over that of competitors and NGOs, including EPIC. In 2012, EPIC told the FTC that "Google's business practices raise concerns related to both competition and the implementation of the Commission's consent order." EPIC later sued the FTC for its failure to enforce the consent order.

Tags:

Posted by EPIC on June 27, 2017 1:25 PM | Permalink

EPIC Recommends National Safety Standard for "Self-Driving" Vehicles

In remarks today to a joint workshop of the FTC and NHTSA, EPIC President Marc Rotenberg called for the establishment of national safety standards prior to the deployment of "self-driving" vehicles on the nation's highways. "Given the current vulnerabilities of networked communications, self-driving vehicles are simply unsafe at any speed," said Mr. Rotenberg. EPIC has participate in numerous NHTSA rule makings on auto safety, proposed stronger data protection standards for connected vehicles, and sided with consumers in a case concerning the risks of autonomous vehicles. In extensive comments for the FTC/NHTSA workshop, EPIC pointed to known vulnerabilities with bluetooth communications, auto hacking, "level 3" control, malware and ransomware, auto repossession remote deactivation, and safety defects. EPIC urged the FTC and NHTSA to focus on "data protection, vehicle safety, consumer protection, and privacy." EPIC also said that the ability of states to develop safety standards must be maintained. EPIC warned that the failure to establish robust safety standards could be "catastrophic."

Tags:

Posted by EPIC on June 28, 2017 9:35 AM | Permalink

EPIC Seeks Information About Unprecedented DOJ Request for State Voter Procedures

EPIC has submitted an urgent Freedom of Information Act request about the Justice Department's attempts to obtain state voter procedures. In a June 28th letter to the forty-four states, the DOJ requested detailed information about state voter registration maintenance requirements within 30 days. The DOJ request to the states was sent the same day a new Presidential Commission demanded extensive voter registration data from all the states. Both he DOJ request and the request of the Presidential Commission are without precedent. EPIC has a long history of defending voter privacy and election integrity. EPIC has testified before the Election Assistance Commission on Voting System Guidelines, and published a joint report The Secret Ballot at Risk: Recommendations for Protecting Democracy, highlighting how Internet voting threatens voter privacy. For more information, visit: https://epic.org/privacy/voting/.

Tags:

Posted by EPIC on June 30, 2017 3:55 PM | Permalink

EPIC Urges the FCC To Take Steps To Eliminate Robocalls

In comments to the FCC, EPIC has proposed that telephone service providers take steps to block unlawful robocalls. The FCC is considering a new rule that would allow phone companies to block calls from numbers they know are invalid, such as numbers that have not been assigned to a subscriber. Illegal robocalls cause substantial harm to consumers and often result in identity theft and financial fraud. EPIC supports robust telephone privacy protections and recently filed an amicus brief in support of the FCC's 2015 order that strengthened consumer protections under the TCPA.

Tags:

Posted by EPIC on June 30, 2017 5:30 PM | Permalink

Experts, Privacy Groups Oppose Demand for State Voter Records

In a letter to state election officials, more than 50 experts and 20 privacy organizations have urged the states to oppose a request from a Presidential Advisory Commission for voter records. The recently formed Commission is seeking comprehensive voter data from all 50 states, including dates of birth, political party, partial SSNs, voter history, and information regarding felony convictions and military services. The letter from the voting experts and privacy organizations says, “This is sensitive personal information that individuals are typically required to provide to be eligible to vote. There is no indication how the information will be used, who will have access to it, or what safeguards will be established.” The letter also notes that the Presidential Commission may have failed to complete a Privacy Impact Assessment, required by federal law, prior to the collection of personal data. California, among other states, has said it will oppose the request.

Tags:

voting and privacy

Posted by Alan Butler on June 30, 2017 6:55 PM | Permalink