« February 2018 | Main | April 2018 »

March 2018 Archives

March 1, 2018

FTC Report - ID Theft Complaints Rank High

Identity theft ranked second among all complaints submitted to the Federal Trade Commission in 2017. Although the total number of complaints dropped, consumers reported losing $63 million more to identity theft and fraud in 2017 than in 2016. EPIC has warned that "the FTC's failure to act against the growing threats to consumer privacy and security could be catastrophic." 2017 marked a record year for data breaches. EPIC urged the FTC to enforce data security standards as part of its 10 recommendations for the FTC's five-year strategic plan. EPIC President Marc Rotenberg also testified before the Senate and the House following the Equifax breach, calling for comprehensive data protection legislation.

EPIC, Coalition Seek Details of "Extreme Vetting" Initiative

EPIC and a broad coalition of civil rights organizations submitted a Freedom of Information Act request today seeking details related to ICE's "Extreme Vetting" Initiative, including the collection and use of social media information. The federal is agency is making deportations and visa decisions based on vague and ambiguous criteria. The FOIA request seeks to make public the specific procedures and policies for Extreme Vetting. Last year, EPIC and a coalition of civil rights organizations sent a joint statement to the Acting Secretary of Homeland Security to oppose the Extreme Vetting Initiative. EPIC previously opposed a proposal to collect social media information for use in visa determinations.

Rep. Lieu Introduces Two Consumer Data Protection Bills

Today Rep. Lieu (D-CA) introduced two bills to safeguard consumer data: the "Protecting Consumer Information Act of 2018" and the "Ending Forced Arbitration for Victims of Data Breaches Act." The first bill will expand the Federal Trade Commission's enforcement authority over credit reporting agencies, while allowing state attorneys general to also bring enforcement actions. The second bill will prohibit entities from enforcing mandatory arbitrary clauses—which prohibit consumers from filing lawsuits—in data breach cases. In a press release announcing the legislation, Rep. Lieu said, "these bills forge a path forward that can both prevent future breaches and ensure victims can seek due process when they occur." Rep. Lieu's announcement came the same day that Equifax disclosed an addition 2.4 million people were impacted by last year's data breach, bringing the total to approximately 148 million people. EPIC President Marc Rotenberg recently testified before Congress to call for comprehensive privacy legislation and the creation of a federal data protection agency.

March 5, 2018

SEC Issues Guidance on Cybersecurity Disclosures

The Securities and Exchange Commission has released guidance for cybersecurity risks and incidents. The SEC stated that "in light of the increasing significance of cybersecurity incidents," it is "critical" for companies to routinely report cybersecurity threats. The Commission also emphasized that corporate officers must not trade on nonpublic information. Equifax waited six weeks to notify the public of its data breach, and its executives were accused of insider trading after it was revealed that they sold Equifax stock prior to informing the public of the breach. EPIC has long advocated for mandatory breach notification. EPIC President Marc Rotenberg recently testified on data security and breach notification before the House and Senate, explaining that companies' failure to protect data threatens not only consumers but also national security.

Senators Introduce Bill to Limit Device Searches at the Border

Senators Patrick Leahy (D-VT) and Steve Daines (R-MT) have introduced a bill that would place restrictions on searches and seizures of electronic devices at the border. The bill sets out detailed procedures for seizing electronic devices, including a warrant requirement prior to inspection of the device, data minimization, and exclusion of evidence that is obtained in violation of the Act. The bill also establishes reporting requirements to determine the scope and frequency of device searches. Senator Leahy stated that "no American should have to relinquish all of their privacy rights to their cell phones, laptops and other electronic devices, simply because they are coming home from a trip abroad." The bill would also require a warrant to use software to analyze seized electronic devices. In a statement to Congress last year, EPIC warned that enhanced surveillance at the border will impact citizens' rights.

March 6, 2018

Senators Ask Director of National Intelligence About Russian Meddling

Today the Senate Armed Services Committee held a hearing that addressed concerns about Russian interference in upcoming elections. In his opening statement, the Director of National Intelligence Daniel Coats stated that Russia views its influence on the 2016 election as successful and emphasized the threat that Russian cyberattacks pose to U.S. democracy. Coats testified that the U.S.'s response has not been sufficient to deter Russia from interfering in the 2018 midterm elections, agreeing with testimony of Admiral Michael Rogers, the Commander of U.S. Cyber Command, in a hearing last week. Coats called the U.S.'s strategy to combat Russian interference a "whole government approach," but it concerned some Senators that there was no lead agency in charge of this effort, including Senator Mazie Hirono (D-HI) who said that it caused her to conclude that it is "not a top priority" for the President. EPIC launched a project on Democracy and Cybersecurity in response to Russian interference in the 2016 presidential election.

EPIC to Congress: Examine "Connected Devices," Safeguard Consumer Privacy

EPIC sent a statement to a House Committee on Energy and Commerce in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing both data breaches and "always on" devices that record users' private conversations. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC warned of growing risks to consumer safety and public safety. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices.

EPIC Names New Advisory Board Members

EPIC has announced the newest members of the EPIC Advisory Board. They are Professor Woodrow Hartzog, Dr. Rush D. Holt, Len Kennedy, and Roger McNamee. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC’s work on privacy and civil liberties. The publication of the EPIC Advisory Board members are available at the EPIC Bookstore. Dr. Whitfield Diffie, Professor Harry Lewis, and Professor Jennifer Daskal recently joined the EPIC Board of Directors. The 2018 EPIC Champion of Freedom Awards will be presented on June 6, 2018 at the National Press Club. Press Release.

March 9, 2018

EPIC FOIA: EPIC Sues DHS for Drone Reports

EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain the public release of information about the use of drones for domestic surveillance. EPIC cited a Presidential Memorandum that required all federal agencies to prepare public reports on drone deployment. EPIC's lawsuit charges that the DHS has failed to make these reports public. In a previous lawsuit against the DHS, EPIC obtained records which revealed that DHS drones had the capability to intercept electronic communications and identity humans at a distance. EPIC has also brought a lawsuit against the FAA to establish drone privacy regulations in the United States.

International Privacy Experts Adopt Privacy Recommendations for Web Registration

The International Working Group on Data Protection has adopted new recommendations to enhance the privacy of website registration data. The Berlin-based Working Group includes Data Protection Authorities and experts who assess emerging privacy challenges. The "Working Paper on Privacy and Data Protection Issues with Regard to Registrant data and the WHOIS Directory" highlights privacy risks of the current registration system. When registering a new website with ICANN, the personal data of website owners is published in a widely accessible database. The Working Group recommends limitations on disclosure consistent with the purpose of registration - to provide limited contact information to resolve technical concerns. Registration data is also subject to the GDPR. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.

Appeals Court Revives Data Breach Suit Against Zappos

A federal appeals court has ruled that consumers affected by a Zappos.com data breach have the right to sue the online retailer. The 2012 breach exposed the personal data of more than 24 million Zappos customers. A lower court previously held that the consumers lacked "standing" to bring a lawsuit against Zappos because their injuries were merely "conjectural." But the Ninth Circuit Court of Appeals reversed that decision and allowed the case to continue. "With each new hack comes a new hacker, each of whom independently could choose to use the data to commit identity theft," the court wrote. EPIC regularly files amicus briefs defending standing in consumer privacy cases, most recently in Eichenberger v. ESPN (where the Ninth Circuit also held for consumers), Gubala v. Time Warner Cable, and In re SuperValu Customer Data Security Breach Litigation.

March 12, 2018

EPIC FOIA: Federal Voting Rights Officials Sought to 'Clean' State Voter Rolls

Officials from four different federal agencies discussed joint plans to "clean" state voter rolls last year, according to documents obtained by EPIC through a Freedom of Information Act request. The records show that the Election Assistance Commission, the Presidential Election Commission, the Department of Justice, and the Department of Homeland Security explored ways to cooperate on "cleaning" and "maintenance" of state voter registration databases. The documents also reveal that the Presidential Election Commission and the DOJ discussed "election integrity" issues just two weeks before both agencies issued sweeping requests for state election records on the same day. After EPIC brought suit against the Commission last yet to halt its unlawful gathering of personal voter data, the Commission temporarily suspended its data collection, discontinued the use of an unsafe computer server, deleted voter information that was illegally obtained, and ultimately disbanded.

EPIC Celebrates Sunshine Week With 2018 FOIA Gallery

In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2018 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases. In 2017, EPIC obtained the "victim notification procedures" that the FBI did not follow during the 2016 Presidential election, revealed that the FBI also failed to follow internal guidance for using intelligence data for criminal investigations, and uncovered problems with the border security biometric matching program. In the latest FOIA gallery, EPIC also highlighted four new EPIC FOIA lawsuits to uncover details of the Russian interference in the 2016 Presidential election and records, obtained by EPIC, revealing federal voting rights officials discussing ways to "clean" state voter rolls.

EPIC Supports Senate's Open Government Work

In advance of the Senate hearing on the Freedom of Information Act (FOIA), EPIC submitted a statement highlighting recent FOIA cases. EPIC told the committee about documents EPIC has obtained through FOIA requests and litigation, including documents obtained last week that show federal voting rights officials sought to "clean up" state voter rolls. EPIC also discussed its case against the IRS seeking the release of President Trump's tax returns. Since 2001, EPIC has produced an annual FOIA gallery in honor of Sunshine Week to feature EPIC's FOIA work over the past year.

March 13, 2018

EPIC Urges Appeals Court to Uphold Fourth Amendment Protections for Searches of Students' Cell Phones

EPIC has filed an amicus brief with the Eleventh Circuit Court of Appeals in Jackson v. McCurry, stating that teachers may not search a student's cell phone unless they have followed an explicit school policy that complies with Fourth Amendment requirements. Citing a recent Supreme Court opinion, EPIC explained, "after Riley, searches of students' cell phones require heightened privacy protections." Noting that "most teenagers today could not survive without a cellphone," EPIC wrote that searches of cell phones should be "limited to those circumstances when it is strictly necessary." EPIC previously participated as amicus curiae in Riley v. California, arguing that the search of a cellphone requires a warrant, and Commonwealth v. White, a case before the Massachusetts Supreme Judicial Court, arguing that a warrant is required before a school may turn over a student's cell phone to the police. Both cases produced favorable outcomes.

March 14, 2018

U.K. Blocks WhatsApp From Transferring Data to Facebook

U.K. privacy officials have blocked WhatApp from transferring personal data to Facebook until the company complies with the GDPR, the new European privacy law. The Information Commissioner's Office found that WhatsApp's proposed data transfer would have violated the U.K. Data Protection Act. "People have a right to have their personal data kept safe," explained Commissioner Elizabeth Denham in a blog post. EPIC has twice urged the FTC to block WhatsApp's transfer of personal data to Facebook, but the FTC has failed to act. The FTC approved Facebook's acquisition of WhatsApp in 2014 after both companies assured the Commission and the public that they would protect users' privacy, but in 2016 WhatsApp announced that it would begin transferring the names and phone numbers of its users to Facebook. France blocked the data transfer and the EU fined Facebook $122 million for misleading European authorities about the data transfer.

EPIC to Senate Intelligence: Ask NSA Director Nominee About Russian Election Interference

In advance of the hearing on the nomination of Lieutenant General Paul M. Nakasone to be the Director of the National Security Agency, EPIC has sent a statement to the Senate Intelligence Committee. EPIC urged the Committee to ask the nominee whether he agrees with the January 2017 assessment of the Intelligence Community that the Russians interfered with the 2016 Presidential election and whether he believes that the United States has taken sufficient steps to prevent Russian meddling in the mid-term elections. In the latest FOIA gallery, EPIC highlighted four new EPIC FOIA lawsuits to uncover details of the Russian interference in the 2016 Presidential election. One EPIC's FOIA cases, EPIC v. FBI, revealed that the Bureau failed to warn the DNC and the RNC that they were targeted by a Russian cyber attack.

FEC Proposes Regulation of Internet Political Ads

Today the Federal Election Commission voted unanimously, at a public meeting, to publish a proposed rule concerning transparency requirements for online political ads. The FEC noted EPIC's comments—arguing that internet companies should be held to the same standard as broadcast companies—in its proposal. The FEC will publish the proposal in the Federal Register, accept comments from the public, and then hold a public hearing on June 27, 2018. After Russian interference in the 2016 election, EPIC launched the Democracy and Cybersecurity Project to preserve the integrity of elections and democratic institutions. In comments to the FEC in November 2017, EPIC explained the "need to protect democratic institutions from foreign adversaries has never been greater...To help ensure the integrity of U.S. elections, the Federal Election Commission should not exempt technology companies from notification requirements for Internet communications."

March 15, 2018

EPIC to File Brief in D.C. Circuit on Right to Information Privacy

EPIC has informed the D.C. Circuit Court of Appeals that it will file an amicus brief in the OPM Data Security Breach case. The case concerns a pair of data breaches in 2015 that affected 22 million federal employees, their friends, and family members. EPIC has long warned that federal agencies collect far too much personal data that they fail to protect. In the 2012 case NASA v. Nelson, concerning repeated data breaches at the space agency, EPIC urged the Supreme Court to recognize a right to "informational privacy" that would limit data collection by federal agencies.

March 16, 2018

EPIC to UNESCO: Algorithmic Transparency is an Internet Universality Indicator

EPIC has provided comments to UNESCO on a proposed framework for Internet Universality Indicators. The UNESCO framework emphasizes Rights, Openness, Accessibility, and Multistakeholder participation. UNESCO said that the framework will help guide protections for fundamental rights. EPIC also proposed "Algorithmic Transparency" as a key indicator of Internet Universality. EPIC highlighted the risk of secret profiling, content filtering, the skewing of search results, and adverse decisionmaking, based on opaque algorithms. EPIC has worked closely with UNESCO for over 20 years on Internet policy issues. At UNESCO headquarters in 2015, EPIC said that algorithmic transparency should be a fundamental human right.

D.C. Circuit Affirms "Consent" Protection in FCC Robocall Rule

A federal appeals court ruled today in a closely watched case concerning robocalls. The rule under review in ACA International v. FCC concerned the FCC's regulations for the Telephone Consumer Protection Act. EPIC filed a friend of the court brief in the case in support of the FCC regulations. EPIC said that companies "seeking to engage in privacy-invading business practices" bear "the burden of proving consent." The court agreed that consumers could withdraw consent by all "reasonable means." However, the court vacated other aspects of the rule, including the definition of automated telephone dialing system and proposed procedures for calls to reassigned numbers.

March 19, 2018

Facebook "Breach" Highlights Failure of FTC to Enforce Consent Orders

In 2009, EPIC and a coalition of US consumer privacy organizations petitioned the Federal Trade Commission to establish comprehensive privacy safeguards after Facebook changed user privacy settings and secretly transferred user data to third parties. In 2011, the FTC agreed with the privacy groups and established a far-reaching settlement with the company, that prevented such disclosures, prohibited deceptive statements, and required annual reporting. But the FTC failed to enforce its consent order, even after EPIC sued the agency and consumer groups repeatedly urged the Commission to act. This weekend the Washington Post and the New York Times reported that Facebook disclosed the personal data of 50 million users without their consent to Cambridge Analytica, the controversial British data mining firm that sought to influence the 2016 presidential election.

March 20, 2018

EPIC Tells House to Probe Commerce Secretary on Data Protection, Privacy Shield

EPIC has sent a statement to the House Appropriations Committee outlining the key privacy issues facing the Secretary of Commerce. The Committee held a hearing today to discuss the FY19 budget for the Department of Commerce. EPIC stated that data protection may be "the most important issue that the Secretary of Commerce will confront over the next several years." EPIC said the FTC is simply not doing enough to safeguard the personal data of American consumers, as evidenced by this week's report on Facebook and Cambridge Analytica. EPIC also warned that Europe may suspend the Privacy Shield, a framework that permits the flow of European consumers' personal data to the U.S, if the United States does not modernize privacy law and establish a federal data protection agency.

EPIC, Consumer Groups Urge FTC To Investigate Facebook

In a statement issued today, EPIC and a coalition of consumer groups have called on the Federal Trade Commission to determine whether Facebook violated a 2011 Consent Order when it facilitated the transfer of personal data of 50 million Facebook users to the data mining firm Cambridge Analytica. The groups had repeatedly urged the FTC to enforce its own legal judgements. EPIC even sued the agency in 2012 for its failure to enforce a consent order against Google. "The FTC's failure to act imperils not only privacy but democracy as well," the groups warned. Between 2009 and 2011 EPIC and other consumer groups undertook extensive work to document Facebook's privacy abuses that led to the consent order in 2011.

EPIC FOIAs FTC, Seeks Facebook's Privacy Assessments

EPIC has submitted an urgent Freedom of Information Act request to the Federal Trade Commission, seeking the privacy assessments required by the FTC's 2012 Consent Order. Facebook is required to produce independent privacy assessments every two years for the next 20 years. Each assessment should "identify Facebook's privacy controls maintained during the reporting period, explain the appropriateness of these controlsin relation to Facebook's activities and sensitivity of information, as well as explain how these controls meet or exceed the protections" required in the 2012 Consent Order. Facebook is also required to identify an independent privacy auditor, approved by the FTC. EPIC previously obtained the 2012 Initial Compliance Report as well as the 2013 Initial Assessment through an earlier FOIA request. EPIC is now seeking the 2015 and 2017 reports which cover the period for the data transfers to Cambridge Analytica.

March 22, 2018

Senator Feinstein Calls for Transparency on Russian Election Interference

At a Senate Intelligence Committee hearing on Election Security this week. Senator Diane Feinstein said “America is the victim and America has to know what’s wrong. And if there are states that have been attacked, America should know that.” In a Freedom of Information Act lawsuit EPIC v. FBI, EPIC obtained the FBI notification procedures that would have applied during the 2016 Presidential election. The documents state that “[b]ecause timely victim notification has the potential to completely mitigate ongoing and future intrusions and can mitigate the damage of past attacks while increasing the potential for the collection of actionable intelligence, CyD’s policy regarding victim notification is designed to strongly favor victim notification.” However, the FBI did not follow this procedure following cyber attacks on the DNC and RNC during the 2016 Presidential Election. In early 2017, EPIC launched the Project on Democracy and Cybersecurity. EPIC is currently pursuing several additional FOIA cases concerning Russian interference with the 2016 election, EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity).

Continue reading "Senator Feinstein Calls for Transparency on Russian Election Interference" »

EPIC FOIA: EPIC Obtains FBI Policy for Disseminating Biometric Info

Through a Freedom of Information Act request, EPIC has obtained the FBI’s “Policy for Biometric Information Sharing with Domestic and International Agencies.” The documents EPIC obtained also contain details of the United States’ agreement with Iraq to exchange biometric data, including to not subject the information to any dissemination restrictions of the US or Iraq. The FBI maintains one of the world's largest biometric databases, known as the "Next Generation Identification” system, which includes facial IDs gathered from international conflicts. In 2007, EPIC, Privacy International, and Human Rights Watch warned the Secretary of Defense that the “system of biometric identification contravene international privacy standards and could lead to further reprisals and killings.” EPIC noted in 2010 "President Obama’s address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict."

House Bill Would Create Commission on AI

Congresswoman Elise Stefanik (R-NY) has introduced a bill (H.R. 5356) that would create the National Security Commission on Artificial Intelligence (AI).Congresswoman Stefanik said, “It is critical to our national security but also to the development of our broader economy that the United States becomes the global leader in further developing this cutting edge technology.” The Commission would conduct a comprehensive review of AI technologies, assess the risks to national security, identity actionable items, and provide recommendations to the President and Congress. The Commission’s recommendations would also address: data and privacy, international law and ethics, competitiveness, technological advantages, cooperation and competition, investments and research, and workforce and education. In 2015, EPIC launched an international campaign for Algorithmic Transparency. EPIC has also warned Congress about the use of opaque technique in automated decision-making.

EPIC FOIAs Commerce Department about Citizenship Question on 2020 Census

EPIC has submitted an urgent Freedom of Information Act request to the Department of Commerce seeking information about a proposed citizenship question on the 2020 census. Secretary Wilbur Ross stated today that the Department of Commerce will make a decision as to whether to include the controversial question in the 2020 census by March 31. Secretary Ross also said, “there are probably 15 or 20 different very complicated issues involved in the request.” EPIC specifically requested information about these issues. The census raises significant privacy risks. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to DHS after 9-11.

March 26, 2018

FTC Confirms Investigation Into Facebook about 2011 Consent Order

The Federal Trade Commission has confirmed an investigation into Facebook for the company's failure to protect the personal data obtained by Cambridge Analytica. Facebook likely violated the FTC's 2011 Consent Order with the company. Last week, EPIC and a coalition of consumer organizations urged the FTC to reopen the investigation. EPIC and other consumer organizations brought the complaint that led to the FTC's 2011 Order. Thomas Pahl, the Acting Director of the FTC's Bureau of Consumer Protection stated today, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent article for Techonomy, EPIC President Marc Rotenberg emphasized that "the transfer of 50 million user records to the controversial data mining and political consulting firm could have been avoided if the Federal Trade Commission had done its job."

EPIC FOIA: CFPB Raise Further Questions About Equifax Investigation

Through a Freedom of Information Act request, EPIC obtained records of email communications between Consumer Financial Protection Bureau staff members regarding the Equifax data breach investigation. The emails reveal that the CFPB was contacted by a Reuters reporter days before the article alleging the CFPB halted the Equifax investigation was published to confirm certain facts about the story. At that time, the CFPB did not correct the allegations in the article but instead provided the reporter a brief official statement stating they will not comment to ongoing investigations but the CFPB has the "desire, expertise, and know-how, in-house, to vigorously hypothetically pursue matters such as these." In the aftermath of the Reuters Equifax article, the CFPB exchanged emails about how to respond to the story and one staffer stated, "no more specific reaction than 'reports are incorrect.'" Acting Director Mick Mulvaney has since publicly confirmed that the CFPB's Equifax investigation is still ongoing.

CLOUD Act Enacted, Allows Law Enforcement Access to Data Stored Abroad

President Trump has signed the CLOUD Act, requiring internet companies to hand over personal data to U.S. law enforcement agencies, no matter where that data is stored. The Act also allows the executive branch to create agreements with foreign countries to provide direct access to personal data stored in the United States. EPIC submitted an amicus brief in United States v. Microsoft arguing that law enforcement access to data abroad should be resolved by international consensus and comply with human rights norms. Many organizations and privacy experts have endorsed the Madrid Privacy Declaration, which would establish international protections for personal data.

State AGs Launch Facebook Investigation

A bipartisan group of 37 State Attorneys General is investigating Facebook's business practices and lack of privacy protections. "Businesses like Facebook must comply with the law when it comes to how they use their customers' personal data," Pennsylvania Attorney General Josh Shapiro said. "State Attorneys General have an important role to play in holding them accountable." The Federal Trade Commission also announced today that it is investigating Facebook. Senate Judiciary Chairman Grassley has also said there will be hearings on the Facebook matter when Congress returns.

DC Circuit Sets Briefing Schedule in Information Privacy Case

The D.C. Circuit has set the briefing schedule for the OPM Data Security Breach case, concerning a pair of data breaches in 2015 that affected 22 million federal employees, their friends, and family members. EPIC recently informed the Court that it will file an amicus brief, which will now be due on May 17, 2018. EPIC has long warned that federal agencies collect far too much personal data that they fail to protect. In the 2012 case NASA v. Nelson, concerning repeated data breaches at the space agency, EPIC urged the Supreme Court to recognize a right to "informational privacy" that would limit data collection by federal agencies.

March 27, 2018

2020 US Census to Include Citizenship Question, Senators Introduce Bill to Block

The Department of Commerce announced that the 2020 census will include a question on citizenship status. The decennial census has not included a citizenship question since 1950. Critics argue that the question will result in unreliable data collection and skew census results. Senator Menendez (D-NJ) has introduced S. 2580, a bill that would prohibit the census from including a citizenship question. Last week EPIC submitted a Freedom of Information Act request seeking documents on the Department's consideration of the many complicated issues related to the question. The census raises significant privacy risks. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to DHS after 9-11.

March 28, 2018

EPIC, Coalition Call On Facebook to Stop Electioneering

EPIC joined Consumer Watchdog and a coalition of consumer organizations to urge Facebook to cease all campaign contributions and electioneering activity. The groups also recommended that Facebook retain Jimmy Carter and the Carter Center to audit Facebook's use of personal information for election advertisements. Last week, EPIC and a coalition of consumer groups called on the Federal Trade Commission to investigate Facebook. EPIC has also urged the Federal Election Commission to provide transparency for online political ads. EPIC is fully engaged in protecting the integrity of elections with its Project on Democracy and Cybersecurity.

FBI Concealed Crypto Capabilities

An internal investigation has revealed the FBI was not transparent about its technical capabilities before suing Apple to unlock an encrypted iPhone. Department of Justice Inspector General reports that FBI personnel failed to communicate to agency leadership that the FBI was very close to opening the phone. Investigating the 2015 mass shooting San Bernardino, the FBI filed suit to force Apple to create custom technology to decrypt an iPhone. The Agency's case relied on the fact that it "cannot access" that phone's content. EPIC filed an amicus brief in Apple v. FBI arguing that the "security features in dispute in this case were adopted to protect consumers from crime."

March 29, 2018

EPIC Urges FTC to Strengthen PayPal/Venmo Settlement

In detailed comments, EPIC advised the FTC to strengthen a proposed settlement with PayPal concerning Venmo, a mobile app for peer-to-peer payments. The FTC complaint found that Venmo made misrepresentations about privacy and security practices. EPIC recommended that the FTC require PayPal to (1) change the default setting to private, (2) require affirmative consent for subsequent changes, (3) make the privacy assessments public, (4) require multi-factor authentication, and (5) comply with Fair Information Practices. The FTC is obligated to consider public comments before finalizing a proposed settlement and must provide a “reasoned response” if it fails to modify an order. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat.

Continue reading "EPIC Urges FTC to Strengthen PayPal/Venmo Settlement" »

March 30, 2018

State Department to Require Social Media IDs of Visa Applicants

In a Federal Register notice released today, the State Department is proposing that all visa applicants submit social media identifiers to the federal government. EPIC previously opposed the agency’s plan, warning that "this proposal leaves the door open for abuse, mission creep, and the disproportionate targeting of Muslim and Arab Americans." Earlier this year, EPIC and a broad coalition of civil rights organizations submitted a Freedom of Information Act request seeking details of the Trump Administration’s “extreme vetting” initiative, including the collection and use of social media information.

Continue reading "State Department to Require Social Media IDs of Visa Applicants" »

About March 2018

This page contains all entries posted to epic.org in March 2018. They are listed from oldest to newest.

February 2018 is the previous archive.

April 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.