March 2019 Archives

March 2, 2019

EPIC Files Opening Brief in Appeal to Block Census Citizenship Question

EPIC has filed an opening brief in the appeal to block the Census Bureau from collecting citizenship data in the 2020 Census. EPIC told the D.C. Circuit that the Census Bureau failed to complete privacy impact assessments required by law. “This uninformed data collection by a federal agency is precisely what the E-Government Act prohibits,” EPIC explained. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that “major privacy risks have not been addressed by the agency.” EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).

March 4, 2019

EPIC Obtains FBI's Updated Media Guidelines

In response to EPIC's Freedom of Information Act request, the Federal Bureau of Investigation has released documents (part 1, part 2, part 3) concerning the agency's use of National Security Letters to obtain information from the media. The disclosure to EPIC includes a revised policy that followed criticisms of government surveillance of journalists. In an earlier amicus brief, EPIC recommended enhanced oversight of National Security Letters.

March 5, 2019

EPIC Launches #EnforceTheOrder, Urges FTC Action on Facebook

With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder. EPIC is urging the Federal Trade Commission to act before March 26, 2019. Many experts, including former FTC Chief Technology Officer Ashkan Soltani, Senator Richard Blumenthal, and former FTC Chair William Kovacic, have said that Facebook violated the consent order. EPIC has also joined with Color of Change, the Open Markets Institute and others to urge the FTC to impose a significant fine and also to break up the company, reform hiring and management practices, and install a director to represent users. Follow EPIC at @EPICprivacy for the latest on the campaign. Join us. Tweet why enforcement matters to you. Include #EnforceTheOrder @FTC @facebook.

Reports - NSA Call Record Program Shut Down

The National Security Agency has reportedly ended the controversial collection of Americans' phone records. The USA Freedom Act limited the NSA's bulk collection program. However, the NSA has acknowledged compliance problems and doubts remain about renewal of the program later this year. Now, a senior Hill aide has said the NSA "hasn't actually been using it for the past six months" and it is not clear "that the administration will want to start that back up." In 2013, EPIC filed a petition with the U.S. Supreme Court, challenging the lawfulness of the program. EPIC and a coalition have since called attention to the NSA's failure to comply with the requirements of the Freedom Act. EPIC previously called for an end to the phone record collection program.

EPIC to Congress: Require Algorithmic Transparency To Prevent Discriminatory Profiling

Prior to a hearing on "Inclusion in Tech: How Diversity Benefits All Americans," EPIC has sent a statement to a House committee. EPIC said that "algorithmic transparency" could reduce bias and help ensure fairness in automated decisionmaking. EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC, Color of Change, the Open Markets Institute, and others have also urged the FTC to require Facebook to reform its hiring practices. "If the company wishes to connect the world," EPIC and the groups wrote, "it must also be prepared to reflect the world in all of its decision-making."

EPIC Urges Congress to Examine Surveillance at the Border

In advance of a hearing on border security, EPIC sent a statement to the House Committee on Homeland Security urging an examination of surveillance programs in use at the border. EPIC asked the Committee to examine the warrantless searches of mobile devices, social media profiling, and the use of drones. EPIC has filed several FOIA lawsuits against DHS regarding these surveillance activities, warning that border surveillance programs often capture the personal data of Americans. A previous FOIA lawsuit, EPIC v. CBP, uncovered Palantir's role in the development of the Analytical Framework for Intelligence, a program that assigns "risk assessment" scores to travelers, including U.S. citizens.

March 6, 2019

DHS Privacy Advisory Committee Finalizes Facial Recognition Report

The DHS Privacy Advisory Committee issued final recommendations on facial recognition use at the border. The report examined transparency, data minimization, data quality and integrity, and accountability and auditing. The report said entrants to the U.S. need notice of their rights and how to exercise those rights. The final recommendations differed only slightly from the draft recommendations. In response to EPIC's comments, the final report included recommendations for increased reporting and research of facial recognition accuracy. However, the DHS report failed to address the lack of legal authorization for the facial recognition program or establish that the program is necessary for national security.

Second Court Blocks Census Citizenship Question

A federal court in California has blocked the Census Bureau from adding a citizenship question to the 2020 Census, becoming the second court to do so. The court found that the Bureau made an arbitrary decision to include the citizenship question, then engaged in a "cynical search to find some reason, any reason" to "justify that preordained result." A federal court in New York recently blocked the citizenship question in a different case, but the Supreme Court is set to review that decision. In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).

March 7, 2019

Senate Report Finds Equifax Failed to Address Known Cybersecurity Risks

In a report released this week, the Senate Homeland Security Investigations Subcommittee found that Equifax was aware of cybersecurity weaknesses for years before the massive breach in 2017, which affected 148 million U.S. consumers. The Senate report found that Equifax chose "efficient business operations rather than security protocols" that allowed a foreign government to access the authenticating details, including dates of birth and SSNs, of American consumers. In December, the House Committee on Oversight released a report which found that the Equifax breach was "entirely preventable." Following the Equifax data breach, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft.

Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers

In a Senate Judiciary Committee hearing earlier this week, Senator Richard Blumenthal said that antitrust enforcers must consider unwinding anticompetitive mergers. “Over the past decade tech companies have in effect been given a free pass by antitrust regulators,” Senator Blumenthal said. "Facebook perhaps should never have been allowed to acquire Instagram, Google to acquire DoubleClick. I have come to the conclusion that maybe post merger, some of these transactions should be challengeable, rarely done, but still challengeable, especially when the merger is approved on conditions that are then violated.” Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at the time of the merger.

March 8, 2019

EPIC Investigates the Transfer of Personal Data from DHS to Census Bureau

EPIC has submitted urgent Freedom of Information Act requests to the Department of Homeland Security (USCIS and the Office of Immigration Statistics) and the Census Bureau for records about the planned transfer of personal data from DHS to the Census Bureau. After a federal judge in California ruled that adding a citizenship question to the 2020 Census was unconstitutional, the AP reported that DHS would disclose to the Census Bureau personal data, including names, addresses, birth dates, Social Security numbers, and alien registration numbers. The Census Bureau confirmed that the agency was preparing an agreement with DHS to “receive administrative records.” In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).

March 11, 2019

EPIC Celebrates Sunshine Week With 2019 FOIA Gallery

In celebration of Sunshine Week, EPIC has unveiled the 2019 FOIA Gallery. Since 2001, EPIC has annually published highlights of EPIC’s most significant open government cases and Freedom of Information Act requests. In 2018, EPIC obtained e-mails about mass surveillance programs developed by Justice Kavanaugh as a White House legal advisor, records about the controversial DHS "media monitoring program," communications between the FTC and Facebook about the agency's failure to enforce the 2011 Consent Order, and documents that revealed obscure travel blacklists in the "SecureFlight" program. In the latest FOIA gallery, EPIC also highlights a significant ruling from the D.C. Circuit in EPIC v. IRS where the court stated that the IRS "misunderstands its FOIA disclosure obligations." This is one of two cases EPIC filed to obtain the public release of President Trump's tax records. In EPIC v. IRS, the district court noted that President Trump tweeted, "For the record, I have ZERO investments in Russia. Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING!"

At OECD, EPIC's Rotenberg Calls for "Bold" AI Framework

Speaking to the Going Digital Summit of the OECD in Paris, EPIC President Marc Rotenberg urged the OECD to adopt a bold framework for AI that will safeguard fundamental rights. "The OECD is uniquely situated to put forward an international framework that spurs innovation, and protects democratic institutions and human rights," said Mr. Rotenberg. The OECD Civil Society Advisory Council has promoted the Universal Guidelines for AI, a policy framework endorsed by more than 250 experts and 60 associations in more than 40 countries.

Buzzfeed: EPIC Docs Reveal Flawed Facial Recognition Program

At the start of Sunshine Week, Buzzfeed featured documents obtained by EPIC about a deeply flawed facial recognition program that could impact all U.S. travelers returning to the United States. The documents, released following an EPIC FOIA request, describe the Administration's plan to extend a faulty CBP pilot program to TSA, ICE, and the Coast Guard. Documents previously obtained by EPIC, following a lawsuit against DHS, found similar problems with a facial recognition program at the southern border.

EPIC Advises Senate on Federal Privacy Legislation

Prior to a hearing on "GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation," EPIC has sent a letter and related materials to the Senate Judiciary Committee advising on federal privacy legislation. EPIC Executive Director Marc Rotenberg recently wrote in the New York Times, "There is still much that Congress can do to strengthen privacy protections for Americans. Enacting federal baseline legislation and establishing a data protection agency would be a good start." EPIC also sent the Committee EPIC commentaries from the Financial Times, Techonomy, the OECD Observer, and the Harvard International Review.

Senator Hawley Says FTC Approach to Big Tech is "Toothless"

Senator Josh Hawley (R-MO) has sent a letter to the Federal Trade Commission urging a more aggressive approach to privacy protection. Senator Hawley outlined the many privacy violations by tech giants in recent years, including Facebook's failure to honor the promises it made when it acquired WhatsApp, Google's use of location data, and the disclosure of personal information to third parties by many platforms. "There is no excuse for inaction," Senator Hawley said. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at the time of the merger. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder, @FTC.

March 12, 2019

EPIC Challenges Facial Recognition at Airport, Files FOIA Lawsuit for Agency Procedures

EPIC has filed a Freedom of Information Act lawsuit to determine whether the U.S. government is allowing travelers to opt out of facial recognition at airports. The "alternative screening procedures" should allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens" according to the CBP. But research by EPIC indicates that Customs and Border Protection has modified the program, making it increasingly difficult for travelers to opt out. This week, Buzzfeed featured documents EPIC obtained about this flawed facial recognition program, which the Administration is seeking to establish at all U.S. airports. EPIC has urged Congress to suspend the CBP Biometric Entry-Exit program until privacy safeguards and meaningful opt-out procedures are established. The case is EPIC v. CBP, No. 19-cv-689 (D.D.C. March 12, 2019).

Senators Markey, Hawley Introduce Children's Privacy Legislation

Senators Edward Markey (D-Mass.) and Josh Hawley (R-Mo.) have introduced legislation to update the Children's Online Privacy Protection Act (COPPA). The bill bans internet companies from collecting personal or location information from children under 13 without parental consent and from teens ages 13-15 without the user's consent. EPIC testified before Congress in support of the original children's privacy law and backed the 2013 regulations that updated the law. EPIC recently submitted comments in support of the FTC's proposed extension of the information collection requirements for COPPA, but said the law "would be more effective if the FTC established new limits on how firms can collect and use children's data."

Following EPIC FOIA, Senators Tell DHS to Suspend Facial Recognition

After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program. The Senators stated that "DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether." Today EPIC filed a Freedom of Information lawsuit, EPIC v. CBP, to determine whether the agency is allowing travelers to opt out of facial recognition. EPIC's earlier lawsuit against the DHS led to the removal of backscatter x-ray devices at US airports.

March 13, 2019

Court Gives School Officials Immunity in Suit Over Search of Student's Cell Phone

The Eleventh Circuit has issued a decision in Jackson v. McCurry. A student's family filed the case after school officials searched her cell phone without probable cause. The appeals court ruled against the student because the law limiting searches of student cell phones was not "clearly established." EPIC filed an amicus brief, arguing that searches of student phones should be "limited to those circumstances when it is strictly necessary" after the Supreme Court's decision in Riley v. California. EPIC wrote that "most teenagers today could not survive without a cellphone." The court recognized the need to limit school searches of cell phones, noting that "the reasoning of Riley treats cellphone searches as especially intrusive in comparison to searches incident to arrest of personal property" and that "a search of a student's cellphone might require a more compelling justification than that required to search a student's other personal effects." However, the court refused to hold that this right was "clearly established." EPIC routinely files amicus briefs in cases raising new privacy issues. EPIC has also long advocated for greater student privacy protections, including a Student Privacy Bill of Rights.

EPIC to Congress: FOIA Works

In advance of a hearing on the Freedom of Information Act, EPIC highlighted several recent open government cases. EPIC told the Committee about documents EPIC obtained through FOIA requests and litigation, including documents EPIC obtained, widely reported this week, about the plan to expand facial recognition at US airports. EPIC also described records obtained from the Federal Trade Commission about the agency's failure to enforce the consent order against Facebook. And EPIC described the open government case against the IRS seeking the release of President Trump's tax returns. Since 2001, EPIC has published an annual FOIA gallery in honor of Sunshine Week.

EPIC to Congress: Suspend the Census Citizenship Question

In advance of a hearing on the 2020 Census, EPIC has sent a statement to the House Oversight Committee urging Congress to require the Census Bureau to remove the citizenship question from the 2020 Census. EPIC told the Committee that the Census Bureau failed to complete privacy impact assessments required by law. "Congress made clear that data collection simply could not occur without the completion of these assessments," EPIC explained. In EPIC v. Commerce, a case now before the D.C. Circuit Court of Appeals, EPIC recently filed an opening brief to block the Census Bureau from collecting citizenship data in the 2020 Census. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that "major privacy risks have not been addressed by the agency."

March 14, 2019

EPIC Among Nation's Leading FOIA Litigators

A report from the FOIA Project places EPIC among the top FOIA litigators in the United States, as measured by the number of FOIA lawsuits filed between 2001 and 2018. The FOIA Project provides comprehensive information on federal FOIA matters, including initial FOIA requests, administrative appeals, and FOIA lawsuits, and is operated by the Transactional Records Access Clearinghouse. The 2018 report on litigation by nonprofit groups finds that EPIC has filed a total of 74 FOIA lawsuits between 2001 and 2018, approximately divided between Democratic and Republican administrations. The other groups in the top 5 are Judicial Watch (391), ACLU (130), PEER (94), and CREW (88). EPIC celebrated Sunshine Week with the 2019 EPIC FOIA Gallery, highlighting important EPIC FOIA cases from the past year.

Internet of Things Legislation Introduced in Senate, House

Bipartisan legislation governing the Internet of Things was introduced this week in the Senate and House of Representatives. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 in the Senate, and Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) filed the bill in the House. The legislation would require the National Institute of Standards and Technology to set baseline security standards for Internet-connected devices. EPIC has diligently advocated for stronger regulation of IoT, and called attention to the privacy and security risks of connected cars in comments to NHTSA, complaints to the CFPB, congressional testimony, FTC workshops, petitions to NHTSA and an amicus brief to the Ninth Circuit.

U.S. Releases Annual Human Rights Report

The U.S. Department of State has released the annual report on human rights practices across the globe. The State Dept. report reviews adherence to "internationally recognized individual, civil, political, and worker rights, as set forth in the Universal Declaration of Human Rights and other international agreements," including the arbitrary or unlawful interference with privacy. The 2018 report highlights China's social credit system which "quantifies a person's loyalty to the government by monitoring citizens' online activity and relationships." The report also cites the Indian Supreme Court ruling that privacy is a fundamental right and Turkish authorities' investigation of more than 45,000 social media accounts between 2016 and April 2018. Two EPIC publications - The Privacy Law Sourcebook 2018 and Privacy and Human Rights: An International Survey of Privacy Laws and Developments - provide a comprehensive overview of privacy frameworks around the world and track emerging privacy challenges.

National Archives Provides to EPIC Index of Kavanaugh Records

In response to EPIC's Freedom of Information Act lawsuit, the National Archives has provided an index of Justice Kavanaugh's records that contains an accounting of all records released by the National Archives so far. The letter includes an index of all e-mail and text files, including those withheld in full or in part. There was unprecedented secrecy surrounding the nomination of Judge Kavanaugh to the Supreme Court. EPIC's FOIA lawsuit and a related request by Senator Richard Blumenthal resulted in the public release of hundreds of thousands of pages about Judge Kavanaugh's work in the White House. The records include communications between Kavanaugh and John Yoo, the architect of the warrantless surveillance program.

March 15, 2019

US AI Commission Holds Secret Meeting on National AI Policy

The National Security Commission on Artificial Intelligence held its first meeting this week, in secret. The Commission is tasked with advising the federal government on artificial intelligence. The Commission was established by the National Defense Authorization Act. Federal law requires commissions to operate transparently, yet the AI Commission provided no notice of the meeting and no opportunity for public participation. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC is now seeking the public release of the documents distributed at the AI Commission meeting.

EPIC Urges FAA to Require Remote ID for Drones

EPIC, joined by other privacy groups, submitted comments on the FAA’s interim final rule for external ID for drones. The proposal requires the external display of registration numbers on drones. While EPIC agreed external markings are preferable to hidden identifiers, EPIC said the rule did not go far enough. EPIC wrote, “Because drones present substantial privacy and safety risks, EPIC recommends that the FAA require any drone operating in the national airspace system to broadcast location when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information[.]” EPIC also suggested the agency require operators to register and broadcast surveillance capabilities. EPIC has long advocated for remote identification mandates for drones and petitioned for regulation of these surveillance tools.

March 18, 2019

EPIC Seeks from FTC All Consumer Complaints about Facebook

EPIC has filed an urgent Freedom of Information Act request to the Federal Trade Commission seeking all pending complaints. As a result of the extensive work of consumer organizations, the Commission issued a consent order against Facebook in 2011 barring the company from making any future misrepresentations about the privacy and security of a user's personal information. But the FTC has failed to issue any fines or declare any of Facebook's actions, including the Cambridge Analytica scandal, a violation of the consent order. The FTC has also not published the number of pending consumer complaints against Facebook. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder.

Press Conference: Facebook, Privacy, and the Consent Order (Capitol Hill, March 19)

On Tuesday, March 19 at 2 pm, EPIC will host a press conference moderated by EPIC President Marc Rotenberg. The event will take place at the Fund for Constitutional Government, on Capitol Hill, across the street from the US Supreme Court. Participants include speakers from U.S. PIRG, Public Citizen, and EPIC. The event will focus on Facebook, the Federal Trade Commission, privacy and the 2011 consent order. EPIC has launched the #EnforceTheOrder Campaign to urge action on the consent order. In 2011, the agency issued a sweeping order against Facebook. The FTC Chairman said at the time, "Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users. Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not." Press advisory. Flyer.

March 19, 2019

Rep. Cicilline: FTC Must Investigate Facebook's Antitrust Violations

In a New York Times op-ed, Congressman David Cicilline (D-RI), Chairman of the House Judiciary Committee's Subcommittee on Antitrust, has asked the FTC to investigate Facebook for violating antitrust laws. Citing EPIC's work, Chairman Cicilline said "For years, privacy advocates have alerted the commission that Facebook was likely violating its commitments under the agreement. Not only did the commission fail to enforce its order, but by failing to block Facebook's acquisition of WhatsApp and Instagram, it enabled Facebook to extend its dominance." Rep. Cicilline made clear that data merger deals implicate competition law, which EPIC has long argued. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at the time of the merger. EPIC has launched the #EnforceTheOrder campaign to urge action on the consent order.

March 20, 2019

EPIC, Coalition Call on Congress to End NSA Surveillance Program

EPIC joined civil liberties organizations this week in a statement to the House Judiciary Committee, calling for a permanent end to the NSA's phone record collection program. The groups asked Congress to "hold hearings and make public information critical to permit an informed debate over the reauthorization of Section 215 and other provisions of the Patriot Act, which are set to expire December 15, 2019." The National Security Agency has reportedly ended the collection of Americans' phone records. The USA Freedom Act limited the NSA's bulk collection program. The NSA also acknowledged compliance problems and opposition to renewal is growing. In 2013, EPIC filed a petition with the Supreme Court, challenging the lawfulness of the NSA program. EPIC previously called for an end to the phone record collection program.

Supreme Court Remands Controversial Cy Pres Deal

The Supreme Court today sent Frank v. Gaos back to the lower courts because the Court could not decide if the proposed settlement in a privacy case was "fair, reasonable, and adequate" or if the case was properly before the Court. The case involves Google's disclosure of search histories to third parties without consent, a business practice that could violate several privacy laws. Under the terms of the settlement, there was no benefit to Internet users and Google was not prohibited from continuing the allegedly unlawful practice. In an amicus brief, EPIC stated, "the proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several organizations objected to the original settlement on three separate occasions. EPIC routinely opposes settlements that fail to provide an actual benefit to Internet users. In this case, the Justices ordered the parties to address whether the Spokeo v. Robins decision permits consumer privacy cases to go forward. EPIC filed a brief in Spokeo in support of consumers, and has filed similar briefs siding with consumers in several other cases.

March 21, 2019

ANALYSIS: Justice Thomas Charts Path for Consumer Privacy Cases

In his dissenting opinion in Frank v. Gaos, Justice Thomas set out two key guidelines for future consumer privacy litigation. First, Justice Thomas said that consumer privacy cases could go forward when a "private right" is violated, such as when a violation of a federal privacy law is alleged. The Supreme Court adopted a somewhat more narrow standard in the Spokeo v. Robins case. Second, Justice Thomas made clear that class action settlements must provide a "meaningful" benefit to class members, which could include monetary relief or a change in business practices. Justice Thomas opposed the settlement in Gaos, explaining "because the class members here received no settlement fund, no meaningful injunctive relief, and no other benefit whatsoever in exchange for the settlement of their claims...." Justice Thomas did not rule out cy pres remainder settlements for "disposing of unclaimed or undistributable class funds" or cy pres-only settlements that provide some actual benefit to class members. EPIC set out very similar views in an amicus brief for the Supreme Court in the Gaos case, in related amicus briefs on standing and in court filings on class action fairness, as well as an academic article calling for reform of cy pres settlements.

Senators Introduce Facial Recognition Privacy Act

U.S. Senators Roy Blunt [R-MO] and Brian Schatz [D-HI] introduced a bill to protect consumers from companies collecting facial images. Senator Schatz said: "Our faces are our identities. They're personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces." EPIC previously urged the FTC to stop Facebook's use of facial recognition to capture personal identity. In 2018, EPIC charged that Facebook's facial recognition practices lack privacy safeguards and violate the 2011 Consent Order with the FTC. EPIC has urged the FTC to #EnforceTheOrder as a one-year deadline approaches.

White House Launches AI Website, Questions About Public Input Remain

A new White House website "Artificial Intelligence for the American People" emphasizes "AI for American Innovation, AI for American Industry, AI for the American Worker, and AI with American Values," but still provides no opportunities for public input. The National Commission on Artificial Intelligence, tasked with advising the federal government on AI policy, also recently held its first meeting in secret. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC has urged US support for the Universal Guidelines for AI, a policy framework emphasizing fairness, accountability, and transparency for AI systems.

March 22, 2019

EPIC to Supreme Court: Access to Commercial Records is Critical for Government Oversight

EPIC has filed an amicus brief urging the Supreme Court to protect the public's right to access commercial information held by federal agencies. EPIC described several of its own FOIA cases -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. EPIC also warned that private parties, "acting on behalf of public agencies and with public funding," often hide their activities. EPIC wrote, "The public must have access to commercial information in agency records to conduct effective oversight of government programs that implicate privacy." EPIC has filed several amicus briefs for the US Supreme Court and other federal courts in Freedom of Information Act cases. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the brief. The case is Food Marketing Institute v. Argus Leader Media, No. 18-481.

EPIC Files First Lawsuit for Special Counsel Report on Russian Election Interference

EPIC has filed a Freedom of Information Act lawsuit to obtain the final report by Special Counsel Robert Mueller concerning Russian interference in the 2016 U.S. presidential election. Attorney General William Barr notified Congress on Friday that the Special Counsel had delivered the final report. In November 2018, EPIC submitted a detailed Freedom of Information Act request to the Department of Justice seeking records about the investigation. The Special Counsel was authorized to conduct an investigation into Russian interference, including "any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump." Special Counsel Mueller has since brought criminal charges against 34 individuals and three organizations. EPIC, through its Democracy and Cybersecurity Project, has pursued multiple FOIA cases concerning Russian interference with the 2016 election, including EPIC v. FBI (response to Russian cyberattacks), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), EPIC v. IRS II (release of Trump's offers-in-compromise), and EPIC v. DHS (election cybersecurity). The case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.) [Exhibits].

March 25, 2019

Supreme Court Won’t Disturb Data Breach Decision

The Supreme Court today declined to review Zappos.com v. Stevens, a decision that allowed consumers to sue the online retailer following a breach of their personal data. More than 24 million Zappos customers were affected by the breach, which included account numbers and passwords. Zappos tried to block the lawsuit, claiming that consumers had to show additional damages. The Ninth Circuit rejected that argument, and the Supreme Court left the decision of the appeals court in place. EPIC has filed amicus briefs in similar data breach cases, including Attias v. Carefirst, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches." EPIC regularly files amicus briefs defending consumer privacy and addressing emerging privacy challenges.

March 26, 2019

EPIC to House Oversight Committee: U.S. Data Protection Agency Needed to Protect Consumers

In advance of a hearing on "Improving Cybersecurity at Consumer Reporting Agencies," EPIC sent a statement to the House Oversight Committee urging the creation of a data protection agency in the United States. "The FTC also lacks the ability, authority and expertise to engage the broad range of challenges we now confront," EPIC said. EPIC cited the Federal Trade Commission's limited ability to enforce basic data protection standards, and the growing dangers of data breach, identity theft, and cyber attacks by foreign adversaries. The U.S. is one of the few democracies in the world that does not have a federal data protection agency. EPIC wrote about the need for a U.S. data protection agency in the New York Times, the Hill, and Techonomy.

EPIC to Senate Committee: Privacy Rules Can Help Level Playing Field for Small Business

In advance of a hearing on "Small Business Perspectives on a Federal Data Privacy Framework," EPIC has sent a statement to the Senate committee on consumer protection. EPIC said that over the last two decades, an absence of privacy regulation has led to a growing concentration of internet services. "Privacy rules could help level the playing field," EPIC said. EPIC also warned against preempting state laws, citing California's data breach legislation as an example. "A federal law that preempted California's ability to respond to new threats would have placed consumers and businesses at risk," EPIC said.

Supreme Court Hears Arguments in Case About FCC Privacy Rules

The Supreme Court has heard oral arguments in PDR Network v. Carlton & Harris Chiropractic, which concerns a company's efforts to disregard an FCC rule about junk faxes. EPIC filed an amicus brief in the case. In the brief, EPIC explained that permitting companies to avoid FCC rules "will exclude the voices of consumers" in agency decision making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.

Senators Question DOJ About Surveillance of Americans' Location Data

A bipartisan group of Senators, including Senator Patrick Leahy, sent a series of questions last week to Attorney General William Barr about the government's surveillance of Americans' location data. The Senators specifically asked how the Supreme Court's decision in Carpenter v. United States has impacted government surveillance programs. In Carpenter, the Court ruled that the government could not collect cell phone location data without a warrant, even if that data was held by the phone company. The Senators' questions concern possible collection of location data by intelligence agencies as well as during criminal investigations. EPIC has sued the Department of Justice to obtain records of the number of surveillance applications for location data submitted by federal prosecutors in prior years. EPIC also filed a "friend of the court" brief in Carpenter, and urged the Court to extend Constitutional protection to cell phone data. EPIC also provides the public with access to and information about the federal wiretap reports, which provide important statistics about the use of other surveillance authorities. These reports have not yet been updated to address location data collection.

EPIC Urges Senate to Strengthen US Privacy Laws for Cross Border Data Flows

EPIC sent a statement to a Senate committee on Foreign Relations regarding the nomination of Keith Krach to Under Secretary of State. Krach would serve as the US Privacy Shield Ombudsperson, a pivotal role concerning the transfer of personal data between the EU and the US. EPIC took no position on the nominee, but wrote to underscore the urgency of Congressional action to safeguard the privacy interests of Americans. EPIC explained that foreign governments are reluctant to permit the transfer of the personal data of their citizens to the U.S. due to the U.S.'s lax privacy laws. EPIC recommended Congress take three steps to update U.S. privacy law: (1) enact the comprehensive baseline privacy legislation, (2) establish an independent data protection agency, and (3) ratify the International Privacy Convention.

March 27, 2019

EPIC FOIA - FTC Confirms More than 25,000 Facebook Complaints are Pending

In response to a FOIA request from EPIC, the FTC has confirmed that there are over 25,000 complaints about Facebook pending with the Commission. In the eight (8) years since the FTC announced a consent order barring Facebook from making any misrepresentations about user privacy, the FTC has not taken a single enforcement action against the company. And one year has now passed since the FTC announced the reopening of the Facebook investigation after news of the Cambridge Analytica data breach. EPIC has urged the FTC to #EnforceTheOrder against Facebook.

March 28, 2019

D.C. Circuit Greenlights EPIC Appeal Concerning Predictive Policing, Executive Privilege

The D.C. Circuit has rejected an attempt by the Department of Justice to cut short EPIC’s appeal in EPIC v. DOJ, a FOIA case concerning predictive policing, algorithmic transparency, and executive privilege. The appeal will now be argued before a three-judge panel of the D.C. Circuit. EPIC’s case calls for the disclosure of a “Predictive Analytics Report” drafted by the DOJ for the White House. A lower court backed the DOJ last year when the agency asserted the “presidential communications privilege” over the report. But neither the D.C. Circuit nor the Supreme Court has ever permitted a federal agency to unilaterally invoke that privilege in a FOIA case. EPIC recently filed a FOIA suit for the release of the Mueller Report, which President Trump may attempt to withhold from the public using executive privilege. EPIC has pursued numerous FOIA cases concerning algorithmic transparency, passenger risk assessment, "future crime" prediction, and proprietary forensic analysis.

Federal Government Charges Facebook with Housing Discrimination, Algorithmic Profiling at Issue

The Department of Housing and Urban Development has charged Facebook with violating the Fair Housing Act by enabling discrimination through user profiling on the advertising platform. “Facebook is discriminating against people based upon who they are and where they live,” said HUD Secretary Ben Carson. “Using a computer to limit a person’s housing choices can be just as discriminatory as slamming a door in someone’s face.” EPIC supports "algorithmic transparency," which could reduce bias and help ensure fairness in automated decisionmaking. EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC has pursued numerous FOIA cases concerning algorithmic transparency, passenger risk assessment, "future crime" prediction, and proprietary forensic analysis.

Appeals Court Refuses to Find Dating App Liable in Abuse Case

A federal appellate court has refused to find a dating app liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that Section 230 of the Communications Decency Act was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues.

March 29, 2019

EPIC Backs Principles for Student Safety, Privacy, and Equity

EPIC joined forty education, privacy, disability rights, and civil rights organizations to support ten principles for school safety. The principles promote student safety measures that are evidence-based and oppose the surveillance-based measures that have been proposed in many states. In 2014 EPIC urged Congress to adopt the Student Privacy Bill of Rights to safeguard student privacy. In 2012, EPIC sued the Department of Education after it weakened a rule to protect the privacy of student records. Last year EPIC filed an amicus brief in Jackson v. McCurry, stating that teachers may not search a student's cell phone unless they have followed an explicit school policy that complies with Fourth Amendment requirements.

New FCC Regulation of Robocalls

The FCC published a final rule on robocalls that establishes a single database for reassigned phone numbers, sets a minimum period of 45 days before a disconnected number may be reassigned to a new subscriber, and adopts a limited safe harbor from liability for any caller that relies upon inaccurate information in the database. EPIC submitted comments for this rulemaking, recommending that the FCC (1) require phone providers to proactively block calls from numbers that are unassigned, unallocated, or invalid; (2) prohibit spoofing if there is an intent to defraud or cause harm; and (3) encourage the use of call authentication technology that safeguards caller anonymity. EPIC has long advocated for robust telephone privacy protections. EPIC filed an amicus brief in 2015 that strengthened consumer protections for robocalls.

EPIC Warns Appellate Court of Google’s Flawed, Secretive, Massive File Scanning Program

EPIC has filed an amicus brief in United States v. Wilson, a case concerning Google’s scanning of billions of personal files for suspected unlawful content, at the behest of the federal government. EPIC argued that “because neither Google nor the Government explained how the image matching technique actually works or presented evidence establishing accuracy and reliability, the Government’s search was unreasonable.” EPIC also explained that “the lower court made a key mistake” by confusing file hashing, which uniquely identifies a file, and image matching, which is prone to false positives. Last year, EPIC filed an amicus brief in a similar case, United States v. Miller. EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques.

Congressional Leaders Ask GAO To Review Agency Compliance with FOIA

Democratic and Republican leaders in the Senate and the House have sent a letter to the Government Accountability Office requesting a comprehensive review of compliance with the Freedom of Information Act across the federal government. The letter was spearheaded by Rep. Cummings (D-MD), Senator Leahy (D-VT), Senator Grassley (R-IA), Senator Feinstein (D-CA), Senator Cornyn (R-TX), and Rep. Jordan (R-OH). The letter stated that the GAO’s 2018 assessment revealed “inconsistent and incomplete” agency compliance with the FOIA between 2012-2016. The GAO report found that 18 agencies only implemented half of the FOIA requirements since the 2016 amendments and some agencies had backlogs of more than 1,000 FOIA requests. As part of EPIC’s Open Government project, EPIC frequently uses FOIA to obtain information about the government to improve government oversight and accountability.

EPIC Seeks Injunction for Expedited Release of Mueller Report

EPIC has filed a motion for a preliminary injunction to secure the expedited release of the Mueller Report and other records concerning Russian interference in the 2016 presidential election. EPIC filed suit against the Department of Justice last week after the agency failed to process EPIC’s Freedom of Information Act request. In the motion for an injunction, EPIC explained that "Few, if any, government documents in the recent history of the United States have commanded more attention than the Mueller Report," yet the public "remains in the dark as to the most consequential government investigation in recent history." The EPIC Democracy and Cybersecurity Project has pursued multiple FOIA cases concerning Russian interference with the 2016 election, including EPIC v. FBI (response to Russian cyberattacks), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), EPIC v. IRS II (release of Trump business tax records), and EPIC v. DHS (election cybersecurity). The case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.).

March 28, 2019

Idaho Enacts Law Requiring Transparency in Pre-Trial Risk Assessments

Idaho became the first state to pass a law specifically promoting transparency, accountability, and explainability in pre-trial risk assessment tools. Pre-trial risk assessments are algorithms that help inform sentencing and bail decisions for defendants. The law prevents a trade secrecy or IP defense, requires public availability of “all documents, data, records, and information used by the builder to build or validate the pretrial risk assessment tool,” and empowers defendants to review all calculations and data that went into their risk score. The law became effective on July 1, 2019. EPIC has consistently advocated for Algorithmic Transparency and urges jurisdictions to use the Universal Guidelines for Artificial Intelligence as a guideline for AI policy.

About March 2019

This page contains all entries posted to epic.org in March 2019. They are listed from oldest to newest.
