epic.org: April 2019 Archives

Utah Becomes First State to Require Warrant for Data Held by Third-parties

The State of Utah has become the first state in the nation to require law enforcement to obtain a warrant to obtain electronic data held by third parties such as wireless providers, email providers, search engines, or social media companies. House Bill 57, sponsored by State Representative Craig Hall (R) was signed by Governor Gary Herbert last week. Last year, the Supreme Court ruled in Carpenter v. United States that the Fourth Amendment protects location records generated by mobile phones. Recognizing that other types of data were in equal need of protections, Chief Justice John Roberts, writing for the Court, said "legislation is much preferable to the development of an entirely new body of Fourth Amendment case law." Utah took that advice and passed broad protections for essentially all data held by third-parties, with exceptions in emergency circumstances. EPIC filed an amicus brief in the Carpenter case, has recommended updates to the Electronic Communications Privacy Act, and recently proposed a comprehensive strategy for Congress to update federal law after the Carpenter decision.

Continue reading "Utah Becomes First State to Require Warrant for Data Held by Third-parties" »

Tags:

Posted by Caitriona Fitzgerald on April 1, 2019 2:26 PM | Permalink

In Amicus Brief, EPIC Urges Supreme Court to Remove Census Citizenship Question

EPIC filed an amicus brief in Department of Commerce v. New York, urging the Supreme Court to uphold a New York federal judge’s decision to remove the citizenship question from the 2020 Census. EPIC warned that “collecting citizenship status information from hundreds of millions of U.S. residents presents enormous privacy and security concerns.” EPIC described the history of census privacy, including EPIC’s 2004 FOIA lawsuit which revealed that the Census Bureau transferred data on Arab-Americans to the DHS after 9/11. EPIC also explained that, “in failing to assess the risks that would result from the collection of personal data regarding citizenship status, the Census Bureau has violated its obligations under the E-Government Act." In a related matter, EPIC’s lawsuit to block the citizenship question, EPIC v. Commerce, is currently before the D.C. Circuit with an argument scheduled for May 8. EPIC has charged that the Census Bureau failed to complete required Privacy Impact Assessments prior to the decisions to collect personal data about citizenship. The Bureau concedes that it must complete the impact assessments but has so far failed to do so.

Continue reading "In Amicus Brief, EPIC Urges Supreme Court to Remove Census Citizenship Question" »

Tags:

Posted by Caitriona Fitzgerald on April 1, 2019 2:32 PM | Permalink

Report: FBI Victim Notification Procedures ‘Unreliable’ and ‘Incomplete’

The FBI’s system for notifying victims of cyberattacks is “unreliable” and “incomplete,” according to a report by the Inspector General for the Department of Justice. The IG report found that “not all victims were informed of their rights as required by” DOJ guidelines, which are “outdated since they do not consider the needs of victims of cybercrime.” In 2017, EPIC obtained through EPIC v. FBI, a FOIA lawsuit, the FBI Victim Notification Procedures that should have applied to Russian cyberattacks during the 2016 Presidential election. The FBI Notification Procedures made clear that notification should occur “even when it may interfere with another investigation or (intelligence) operation.” The records obtained by EPIC led to Associated Press investigation ("FBI gave heads-up to fraction of Russian hackers’ US targets”), which found that the FBI did not follow the Procedures and failed to notify U.S. officials that their email accounts were compromised. The EPIC Democracy and Cybersecurity Project has pursued multiple FOIA cases concerning Russian interference with the 2016 election, including EPIC v. DOJ (the Mueller Report), EPIC v. ODNI (Russian hacking), EPIC v. IRS I release of Trump's tax returns), EPIC v. IRS II (release of Trump business tax records), and EPIC v. DHS (election cybersecurity).

Tags:

Posted by Caitriona Fitzgerald on April 1, 2019 2:35 PM | Permalink

Court Schedules April 9 Hearing in EPIC Case for Release of Mueller Report

A federal district court in Washington DC has set Tuesday, April 9 for a hearing in EPIC v. Department of Justice, EPIC’s lawsuit to compel the public release of the Mueller Report. Judge Reggie B. Walton also ordered the Justice Department to respond to EPIC’s motion for a preliminary injunction by Friday, April 5. EPIC filed the lawsuit after the Justice Department failed to process EPIC’s Freedom of Information Act request. In the motion for an injunction, EPIC explained that the public "remains in the dark as to the most consequential government investigation in recent history." The EPIC Democracy and Cybersecurity Project has pursued several FOIA cases concerning Russian interference with the 2016 election. In EPIC v. FBI (response to Russian cyberattacks), EPIC obtained the FBI victim notification procedures. In EPIC v. ODNI (Russian hacking), EPIC confirmed that Russia engaged in a “multi-pronged” attack against the U.S. elections. In EPIC v. IRS I, EPIC sought the release of President Trump’s tax returns. In EPIC v. IRS II, EPIC is seeking the release of related business returns. And in EPIC v. DHS (election cybersecurity), EPIC obtained documents about election security procedures. The case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.).

Tags:

Posted by John Davisson on April 1, 2019 6:01 PM | Permalink

Breaking: Justice Department Agrees to Expedite EPIC’s Request for Mueller Report

The Department of Justice has agreed to expedite EPIC’s Freedom of Information Act request for the Mueller Report. The DOJ’s concession comes after EPIC sought a preliminary injunction to compel the immediate release of the report. EPIC filed the first lawsuit in the nation for the release of the Mueller Report and related Special Counsel records. In EPIC’s motion for an injunction, EPIC explained that the public "remains in the dark as to the most consequential government investigation in recent history." The EPIC Democracy and Cybersecurity Project has pursued numerous FOIA cases concerning Russian interference with the 2016 election. In EPIC v. FBI (response to Russian cyberattacks), EPIC obtained the FBI victim notification procedures. In EPIC v. ODNI (Russian hacking), EPIC confirmed that Russia engaged in a “multi-pronged” attack against the U.S. elections. In EPIC v. IRS I, EPIC sought the release of President Trump’s tax returns. In EPIC v. IRS II, EPIC is seeking the release of related business returns. And in EPIC v. DHS (election cybersecurity), EPIC obtained documents about election security procedures. The case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.).

Tags:

Posted by Caitriona Fitzgerald on April 2, 2019 9:10 PM | Permalink

Bipartisan Group of Senators, Representatives File Bill To End NSA Surveillance Program

Sens. Ron Wyden (D-Ore.), and Rand Paul (R-Ky.), and Reps. Justin Amash (R-Mich.), and Zoe Lofgren (D-Calif.) have introduced The Ending Mass Collection of Americans' Phone Records Act. The bill would end the NSA's collection of Americans' phone records, known as "Section 215" authority, which is set to expire on December 15, 2019. EPIC recently joined civil liberties organizations in a statement calling for the end to the NSA's phone record collection program. The USA Freedom Act limited the NSA's collection program, but the NSA has acknowledged compliance problems. In 2013, EPIC filed a petition with the Supreme Court, challenging the lawfulness of the NSA program. EPIC has long called for an end to the phone record collection program.

Tags:

Posted by EPIC on April 3, 2019 12:20 PM | Permalink

Bill to Limit Robocalls Moves Forward in Senate

The Senate Commerce Committee today approved a bill to strengthen the FCC's ability to prevent robocalls. The Telephone Robocall Abuse Criminal Enforcement and Deterrence or TRACED Act, enhances the FCC's authority to issue fines against robocallers, extends the statute of limitations, and promotes call authentication and blocking adoption. EPIC has long advocated for robust telephone privacy protections. Last week, EPIC submitted comments to the FCC recommending that the agency (1) require phone providers to block calls from numbers that are unassigned, unallocated, or invalid; (2) prohibit spoofing if there is an intent to defraud or cause harm; and (3) encourage the use of call authentication technology that safeguards caller anonymity. EPIC filed amicus briefs earlier this year and in 2015 that strengthened consumer protections for robocalls.

Tags:

Posted by EPIC on April 3, 2019 12:30 PM | Permalink

EPIC Provides U.S. Report for Privacy Experts Meeting

EPIC has provided a comprehensive report explaining the latest developments in U.S. privacy law and policy for the 65th meeting of the International Working Group on Data Protection, held this year in Bled, Slovenia. The Working Group includes Data Protection Authorities and experts from around the world who review emerging privacy challenges. The EPIC 2019 report details the reported shutdown of the NSA call record collection program, Congressional hearings on federal privacy legislation, the nomination of a Privacy Shield Ombudsperson, the Executive Order on Artificial Intelligence, and more. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.

Posted by EPIC on April 3, 2019 3:40 PM | Permalink

EPIC to Appropriations Committees: Suspend the Census Citizenship Question

EPIC has sent a statement to the House and Senate regarding the FY2020 appropriations for the Department of Commerce. EPIC urged Congress to require the Census Bureau to remove the citizenship question from the 2020 census, pending the completion of legally required Privacy Impact Assessments. EPIC told the committees that the Census Bureau failed to complete the Privacy Impact Assessments required by Section 208 of the E-Government Act. The Census Bureau concedes that it must complete the impact assessments but has so far failed to do so. "Congress made clear that data collection simply could not occur without the completion of these assessments," EPIC explained to Congress. In EPIC v. Commerce now before the D.C. Circuit Court of Appeals, EPIC argued that the collection of citizenship data without the privacy impact assessments is unlawful. EPIC warned the federal appeals court that, "major privacy risks have not been addressed by the agency."

Tags:

Posted by EPIC on April 3, 2019 4:50 PM | Permalink

EPIC to Congress: Funding for TSA Facial Recognition Program Must Be Halted

EPIC has sent a statement to the House Appropriations Committee regarding the TSA's FY2020 budget request, urging Congress to suspend the "Biometric Entry-Exit" program until privacy safeguards are established. EPIC said Congress should halt funding for TSA's facial recognition program "until CBP establishes proper privacy assessments, policies and procedures, and oversight mechanisms." EPIC recently filed a Freedom of Information Act lawsuit to determine whether travelers are able to to opt-out of facial recognition at airports. According to the CBP, the "alternative screening procedures" allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens." But research by EPIC indicates that CBP has made it increasingly difficult for travelers to opt-out.

Tags:

Posted by EPIC on April 3, 2019 5:00 PM | Permalink

EPIC FOIA - FTC Confirms Number of Pending Facebook Complaints, Doubling Every Two Years

In response to EPIC's Freedom of Information Act request, the FTC confirms that there are a total of 26,000 pending consumer complaints about Facebook made while under the consent order. In an e-mail to EPIC, the FTC provided a breakdown of the total number of complaints per year. In 2018 alone, the FTC received 8,391 consumer complaints about Facebook, nearly twice the number received in 2016 (4,612), and more than four times the number received in 2014 (1,860). In the eight years since the FTC entered the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. The FTC announced the reopening of the Facebook investigation in the wake of the Cambridge Analytica scandal. But more than a year later, the agency has failed to act. EPIC has repeatedly urged the FTC to #EnforceTheOrder against Facebook.

Tags:

Posted by EPIC on April 3, 2019 5:10 PM | Permalink

EPIC Urges House Appropriations to Examine FBI Response to Russian Cyber Attacks

EPIC has asked the House Appropriations Committee to explore the FBI's failure to respond to cyberattacks. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." But an AP investigation found that the FBI failed to notify hundreds of officials whose email was hacked during the 2016 election. Earlier this week, the Inspector General also found that the DOJ guidelines "do not consider the needs of victims of cybercrime." EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI.

Tags:

Posted by EPIC on April 5, 2019 10:40 AM | Permalink

EPIC to Congress: Safety Commission Must Regulate Internet-connected Devices

In advance of a hearing on “Protecting Americans from Dangerous Products," EPIC wrote to the House Commerce Committee that the Consumer Product and Safety Commission must do more to protect consumers and ensure security of IoT devices. In recent comments to the CPSC, EPIC urged the agency to regulate Internet of Things devices, pointing to weak privacy and security safeguards. EPIC advised the Commission to require manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques. EPIC told the House committee that “CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream.”

Tags:

Posted by Caitriona Fitzgerald on April 5, 2019 10:45 AM | Permalink

EPIC Seeks Records About Rep. Neal's Request for Trump's Tax Returns

EPIC has submitted a Freedom of Information Act request to the Internal Revenue Service for records related to Rep. Richard Neal's request for President Trump's tax returns. As Chairman of the House Ways and Means Committee, Rep. Neal has the authority under a section of the tax code to request and receive tax returns. Rep. Neal's letter demanded the IRS to turn over six years of tax returns from President Trump and his business entities and gave the agency until April 10, 2019 to comply with the committee’s request. EPIC previously urged Congress to obtain the public release of President Trump's tax returns. EPIC has also sought the release of the president's returns in two lawsuits: EPIC v. IRS I (President Trump's personal tax records) and EPIC v. IRS II (President Trump’s business tax records).

Tags:

Posted by EPIC on April 5, 2019 6:30 PM | Permalink

In EPIC Case, Justice Department Seeks to Delay Release of Mueller Report

In response to EPIC’s lawsuit seeking the Special Counsel Report—the Mueller Report—on Russian interference in the 2016 election, the Justice Department has filed an opposition to delay release of the report. EPIC filed the first lawsuit in the nation for the release of the Report. In EPIC’s motion for an injunction, EPIC explained that the public "remains in the dark as to the most consequential government investigation in recent history." After filing the lawsuit, EPIC offered to withdraw its motion if the Justice Department would promptly release the Mueller Report. The Justice Department agreed to expedite processing but declined to release the Report. In the court filing, the Justice Department acknowledged that there are over 400 pending FOIA requests related to the report of the Special Counsel. A hearing is scheduled before Judge Reggie Walton Tuesday morning at 9:00 at the U.S. District Court for the District of Columbia. EPIC's case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.).

Tags:

Posted by John Davisson on April 5, 2019 7:19 PM | Permalink

EPIC to Make Final Arguments for Release of Mueller Report

EPIC has filed a reply brief in its case for the the Mueller Report. EPIC explained that the public interest in the report is "overwhelming." EPIC wrote "there is no government document in recent memory that has generated more public interest." EPIC filed the first lawsuit in the nation for the release of the Special Counsel's report on Russian interference in the 2016 election. A court hearing in Washington, DC is scheduled for Tuesday morning at 9:00. EPIC's case is EPIC v. DOJ, No. 19-810 (D.D.C.). Press release. #ReleaseTheReport

Tags:

Posted by EPIC on April 8, 2019 2:00 PM | Permalink

European Commission Releases AI Policy Report

The European Commission's Expert Group on Artificial Intelligence has released Guidelines for Trustworthy AI. The EU Guidelines identify seven principles for ethical AI: (1) Human agency and oversight; (2) Robustness and safety; (3) Privacy and data governance (4) Transparency; (5) Diversity, non-discrimination and fairness; (6) Societal and environmental well-being; and (7) Accountability. The European Commission will open a pilot program to test implementation of the Guidelines for Trustworthy AI this summer. The EU Guidelines reflect several principles from the Universal Guidelines for Artificial Intelligence, which have been endorsed by more than 260 experts and 60 organizations in 40 countries. The Universal Guidelines are designed to protect human rights in the development and use of AI systems.

Tags:

Posted by EPIC on April 8, 2019 3:45 PM | Permalink

EPIC to Congress: Update Surveillance Safeguards

In a statement to the House Appropriations Committee, EPIC urged the panel to ensure that the Justice Department improves reporting on surveillance orders. "Even after the Supreme Court’s decision in Carpenter," EPIC said, "there is little to no information available to Congress or the public about how frequently the government is seeking this location data." EPIC asked the Committee to halt funding for wiretap programs until the Department of Justice improves the reporting procedures. For over 20 years, EPIC has reviewed the annual reports on the use of federal wiretap authority. EPIC also filed an amicus brief in the Carpenter case. The Supreme Court held that law enforcement must get a warrant to obtain cell site location information.

Tags:

Posted by EPIC on April 9, 2019 9:15 AM | Permalink

After DOJ Concedes Expedited Processing, Court Sets May 2 Deadline for Review of Mueller Report Release

Judge Reggie B. Walton has set a May 2 hearing date to review the release of the Mueller Report and other records sought by EPIC in a Freedom of Information Act lawsuit against the Department of Justice. During an hour-long hearing Tuesday morning, Judge Walton emphasized that the contents of the Mueller Report are an "extremely important subject matter to the nation." Judge Walton said the Justice Department should disclose the records sought by EPIC "as expeditiously as humanly possible," though he declined to set a fixed date for release. Attorney General Barr has said he will release the report by "mid-April, if not sooner." EPIC filed the first lawsuit in the nation for the release of the Special Counsel's report on Russian interference in the 2016 election. As a result of EPIC's lawsuit, the Justice Department agreed to expedite EPIC's FOIA request. EPIC's case is EPIC v. DOJ, No. 19-810 (D.D.C.). #ReleaseTheReport

Tags:

Posted by EPIC on April 9, 2019 11:05 AM | Permalink

EPIC to House Committee: Press FAA on Drone Privacy

As the House Appropriations Committee considers the Department of Transportation's FY2020 Budget, EPIC has urged the Committee to ensure that the FAA establish and publish drone privacy procedures as required by law. EPIC also said the FAA must require remote identification of drones. "Currently, individuals cannot hold drone operators accountable because it is essentially impossible to identify the drone or the operator of a drone," EPIC said. Last month, EPIC filed comments on the FAA's interim final rule for external ID for drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the 2016 rule authorizing commercial drone operations without any privacy safeguards.

Tags:

drones

Posted by EPIC on April 9, 2019 4:15 PM | Permalink

EPIC Urges Congress to Press ICE on Surveillance Practices

In a statement to the House Appropriations committee on Immigration and Customs Enforcement. EPIC urged close examination of the agency's profiling algorithms, warrantless searches of mobile devices, social media profiling, and the use of DACA application data for investigative purposes. EPIC said the committee should "limit funding pending assurances that ICE takes specific steps" to improve privacy. EPIC has filed multiple FOIA lawsuits against ICE regarding theses surveillance programs.

Tags:

Posted by EPIC on April 9, 2019 4:30 PM | Permalink

EPIC To Congress: Require Algorithmic Transparency For Dominant Internet Firms

In advance of a hearing regarding the filtering practices of internet companies, EPIC has sent a statement to the Senate Judiciary Committee. EPIC said that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. In 2011, EPIC sent a letter to the FTC stating that Google's acquisition of YouTube led to a skewing of search results after Google substituted its secret "relevance" ranking for the original objective ranking, based on hits and ratings. The FTC took no action on EPIC's complaint. But the European Commission found that Google rigged search results to give preference to its own shopping service. The European Commission required Google to change its algorithm to rank its own shopping comparison the same way it ranks its competitors.

Tags:

Algorithmic Transparency

Posted by EPIC on April 10, 2019 12:30 PM | Permalink

Lawmakers Introduce Algorithmic Accountability Act

Federal legislation introduced on Wednesday would require companies to conduct impact assessments to determine if their algorithms are "inaccurate, unfair, biased, or discriminatory." The Algorithmic Accountability Act is sponsored by Sen. Ron Wyden, Rep. Yvette Clarke, and Sen. Corey Booker. EPIC supports algorithmic transparency, which can reduce bias and help ensure fairness in automated decisionmaking. EPIC previously urged Congress to require "Algorithmic Fairness Assessments" before automated decision tools are adopted. Last year, EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. Both the GDPR and the Council of Europe Privacy Convention require algorithmic accountability.

Tags:

Algorithmic Transparency

Posted by EPIC on April 10, 2019 3:55 PM | Permalink

IRS Refuses Congressional Demand for President’s Tax Returns

The IRS has refused to comply with Rep. Richard Neal’s deadline to turn over President Trump's tax returns. As Chairman of the House Ways and Means Committee, Rep. Neal has the authority under a section of the tax code to obtain the tax returns. Rep. Neal's letter demanded six years of tax returns from President Trump and his business entities. It is a well established tradition for Presidents and Presidential candidates to make public their tax returns. EPIC has sought the release of the President's returns in two lawsuits: EPIC v. IRS I and EPIC v. IRS II. EPIC also sent a request to the IRS for information about Rep. Richard Neal's request. EPIC previously urged Congress to obtain and publicly release of President Trump's tax returns. EPIC is seeking to determine the extent of Russian interference in the 2016 presidential election.

Tags:

Posted by John Davisson on April 11, 2019 10:22 AM | Permalink

EPIC FOIA: EPIC Obtains DHS Drone Status Report

Through a Freedom of Information Act lawsuit, EPIC has obtained the DHS drone status report required by a Presidential Memorandum. The 2015 Memorandum required federal agencies to detail drone policies and procedures to protect privacy, civil rights, and civil liberties. The DHS report attempts to justify the use of drones by Customs and Border Protection, but a recent Inspector General report calls into question the CBP's policies and procedures. The Inspector General found that CBP failed to complete a required analysis for a drone surveillance system and failed to implement effective safeguards for information collected by drones. EPIC has called on Congress to "establish drone privacy safeguards that limit the risk of public surveillance."

Tags:

Posted by John Davisson on April 11, 2019 2:49 PM | Permalink

EPIC Recommends Border Agency Adopt Universal Guidelines for Artificial Intelligence

In comments to Customs and Border Protection, EPIC recommended the adoption of the Universal Guidelines for Artificial Intelligence for a new boded controls system, the "21st Century Customs Framework." EPIC , stressed the need for transparency, accountability, and fairness in automated decisionmaking. EPIC explained “Although CBP claims that risk scores are only used on cargo,” the "impact falls on individuals.” EPIC previously submitted comments to the agency regarding the Automated Targeting System and the Intelligence Records System. Through FOIA, EPIC has also obtained information on the agency’s data systems, including the Analytical Framework for Intelligence, which assigns “risk assessments” to travelers, including U.S. citizens.

Tags:

Posted by John Davisson on April 11, 2019 5:10 PM | Permalink

EPIC to FAA: Mandate Drones Broadcast ID and Location, Course

In response to Federal Aviation Administration request for comments regarding drone security and drones flying over people, EPIC urged the agency to mandate cybersecurity safeguards and privacy protections for populated areas subject to aerial surveillance. EPIC repeated the earlier recommendation that the agency require drones to broadcast identifying information, location, course, purpose, and surveillance capabilities. Earlier this year, Senator Edward Markey (D-MA) stated, "Privacy cannot be an afterthought as the FAA seeks to make it easier and safer for commercial drones to take flight." Starting with a 2012 petition, EPIC has recommended that the FAA establish drone privacy regulations and to ensure that drones broadcast ID.

Tags:

drones
FAA

Posted by EPIC on April 16, 2019 10:00 AM | Permalink

EPIC tells FTC, "Enforcement is a measure of success"

EPIC Consumer Protection Counsel Christine Bannan testified at the FTC's hearing on the agency's effectiveness at protecting consumer privacy. She said that the FTC's success should be measured by the enforcement of its orders. EPIC's Freedom of Information Act request revealed that there are there are over 26,000 pending consumer complaints against Facebook made while under the consent order. In the eight years since the FTC entered the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook.

Tags:

Facebook
FTC

Posted by EPIC on April 16, 2019 11:06 AM | Permalink

EPIC Names New Advisory Board Members

EPIC has announced the newest members of the EPIC Advisory Board. They are Professor Elizabeth Joh, Dr. Lorraine Kisselburgh, Travis LeBlanc, Dr. Bilyana Petkova, Jennifer Stoddart, Dr. Paul Vixie, and Professor Ari Waldman. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties. The publication of the EPIC Advisory Board members are available at the EPIC Bookstore. The 2019 EPIC Champion of Freedom Awards will be presented on June 5, 2019 at the National Press Club. Press Release.

Posted by EPIC on April 17, 2019 5:10 PM | Permalink

Mueller Report: Russian Hacking of 2016 Election Much Greater Than Previously Known, Critical Information Still Withheld

An extensively redacted version of the Mueller Report released today reveals that Russian interference in the 2016 presidential election was much greater than previously known. The Special Counsel's investigation found that the "Russian government interfered in the 2016 presidential election in sweeping and systematic fashion." The Report details Russia's hacking of US political organizations and a large-scale social media disinformation campaign. The Report also reveals that Russia breached the computers of election officials in Florida. The Report confirms that members of the Trump family and the Trump presidential campaign enthusiastically retweeted Russian propaganda. But much in the report is still secret. The Attorney General has withheld information on more than 170 pages of the 448 page report. EPIC is currently suing for the public release of the complete Mueller Report in EPIC v. Department of Justice, No. 19-810 (D.D.C.). A hearing is scheduled in federal district court on May 2.

Tags:

Posted by EPIC on April 18, 2019 1:05 PM | Permalink

In Court Filing on Mueller Report, EPIC Raises Questions About Redactions, Release of Report

In a court filing today, EPIC raised key questions about the version of the Mueller Report released by the Attorney General, and also about the Justice Department's inconsistent statements regarding the release. EPIC noted the extensive redactions in the report—material is withheld on approximately 178 pages of the 448-page report. EPIC explained that the Attorney General claimed "harm to ongoing matter" as the primary reason for withholding information, but that phrase is nowhere to be found in the Freedom of Information Act. EPIC also highlighted the Attorney General's statement that he gave the Report to the White House Counsel and the President's personal lawyers in advance of the press conference, even though the Justice Department previously told the Court in EPIC v. DOJ that it was not possible to disclose the report to EPIC before today. EPIC's case for the release of the Mueller Report—the first in the nation—is EPIC v. Department of Justice, No. 19-810 (D.D.C.).

Tags:

Posted by EPIC on April 18, 2019 4:15 PM | Permalink

EPIC Files Intervention in Human Rights Court Review of UK Bulk Surveillance Program

EPIC has filed a third-party intervention with the European Court of Human Rights in Big Brother Watch v. UK, a case concerning a bulk surveillance program of the British government. Last year the European Court ruled that the communications surveillance regime violated Article 8 of the European Convention on Human Rights, but stopped short of ruling that bulk surveillance violated the Convention. The human rights groups that brought the case requested referral to the Grand Chamber, a larger panel of judges, and urged the Court to rule mass surveillance incompatible with fundamental rights. After filing a brief in the original case explaining the broad scope of U.S. surveillance, EPIC has now filed a new brief with the Grand Chamber, arguing that the Court should carefully consider UK-U.S. intelligence transfers. U.S. surveillance does not "provide the requisite Article 8 safeguards" and transfer of intelligence to the U.K. "risks circumventing the Convention’s guarantees," EPIC explained. In an article for Just Security, EPIC called the initial ruling against UK surveillance "narrow" but "important."

Tags:

Posted by EPIC on April 22, 2019 11:40 AM | Permalink

Supreme Court to Hear Arguments on Census Citizenship Question

The U.S. Supreme Court will hear arguments this week in a case challenging the addition of the citizenship question to the 2020 Census. EPIC filed an amicus brief in Department of Commerce v. New York, urging the Court to uphold a New York federal judge's decision to remove the question. EPIC warned that the "extraordinary reach of the Bureau into the private lives of Americans brings extraordinary risks to privacy." In a related matter, EPIC's lawsuit to block the citizenship question, EPIC v. Commerce, is currently before the D.C. Circuit with an argument scheduled for May 8. EPIC has charged that the Census Bureau failed to complete required Privacy Impact Assessments prior to the decisions to collect personal data about citizenship. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC told the D.C. Circuit, "Key deadlines are fast approaching, and major privacy risks have not been addressed by the agency."

Tags:

Posted by EPIC on April 22, 2019 2:45 PM | Permalink

Defense Dept. Finalizes Uniform Privacy Regulation, Responds to EPIC Comments

As part of an effort to promote uniformity in privacy regulations, the Department of Defense has finalized a regulation regarding the Personnel Vetting Records System. EPIC submitted detailed comments to the agency "criticizing the breadth of exemptions and expressing concerns about accountability for DoD's information collection activities." The Department of Defense responded in detail to EPIC stating, "The Department appreciates these concerns....Notwithstanding the potential availability of exemptions that DoD may need to assert for certain records in the system when circumstances warrant, exemption rules do not require the assertion of exemptions in every instance. In fact, DoD anticipates asserting exemptions in limited circumstances on a case-by-case basis....With respect to access rights in particular, the DoD anticipates generally providing access rights and exercising exemptions as the exception rather than the norm." EPIC routinely comments on the obligations of federal agencies to comply with the federal Privacy Act. EPIC recently commented on the privacy issues raised by the Department's "Insider Threat" Program, noting that the extensive collection of personal data could create new vulnerabilities.

Tags:

Privacy Act

Posted by EPIC on April 22, 2019 5:45 PM | Permalink

In Comments to Defense Dept. EPIC Urges Adherence to Privacy Act, Algorithmic Fairness

In comments to the Department of Defense on the proposed expansion of the "Insider Threat" Database, EPIC recommended the Department withdraw unlawful and unnecessary routine use disclosures, significantly narrow the Privacy Act exemptions, and adopt the Universal Guidelines for Artificial Intelligence. The DoD plans to collect detailed, personal information, including health data, ethnicity and race, biometric data, travel records, and social media information, on federal employees, their friends, and family members. EPIC noted widespread computer security problems at the DoD, and warned, "this system of records—despite a documented inability to protect personal data—invites the very threats the program seeks to prevent." EPIC previously commented on the creation of the system.

Tags:

Posted by EPIC on April 22, 2019 6:10 PM | Permalink

EPIC FOIA: Census Bureau Gathers Noncitizens' Data Without Required Privacy Impact Assessment

An EPIC Freedom of Information Act request has revealed that the Census Bureau obtains vast quantities of noncitizens' personal data from the Department of Homeland Security without having first conducted a required Privacy Impact Assessment. Under a written agreement disclosed to EPIC, the DHS transfers the "Legal Permanent Resident File" to the Bureau each year, which includes citizenship, immigration status, marital status, and other sensitive personal information. Yet the Census Bureau conducted no analysis of the privacy risks and failed to describe the personal data gathered. In EPIC v. Commerce, EPIC has charged that the Census Bureau failed to complete required Privacy Impact Assessments prior to adding the citizenship question to the 2020 Census. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC's motion to halt the citizenship question will be argued before the D.C. Circuit on May 8.

Tags:

Posted by EPIC on April 23, 2019 12:30 PM | Permalink

FTC Renews Spam Rule, Cites EPIC Comments

After soliciting public comments, the Federal Trade Commission has renewed the CAN-SPAM Rule (Controlling the Assault of Non-Solicited Pornography and Marketing). The FTC rule requires subject-line labeling of commercial emails containing sexually explicit material. The rule also clarifies that a recipient of unwanted emails may not be required to pay a fee, provide additional information or take any steps beyond sending an email or visiting a web page to opt out. In confirming the final rule, the agency specifically referenced EPIC's comments in support of the rule: "For example, the Electronic Privacy Information Center ('EPIC'), a consumer advocacy group, asserted that, '[w]hile the volume of spam is lower than it was just a few years ago, the need for the Rule continues.'" EPIC continues to push the FTC to safeguard consumer privacy with the Enforce the Order campaign, urging the agency to act against Facebook.

Tags:

FTC
spam

Posted by EPIC on April 23, 2019 7:00 PM | Permalink

Appeals Court Strikes Down Debt Collector Exception to Robocall Ban

A federal appeals court ruled today that an amendment to the federal robocall ban is unconstitutional. The Telephone Consumer Protection Act prohibits automated calls to cell phones, except in emergencies or with the consent of the called party. But in 2015 Congress created an exception for calls made to collect debts guaranteed by the federal government. The court in AAPC v. FCC found that the debt-collection exemption "undercuts" the privacy protections in the law. So the court found the exception unconstitutional and struck it from the law. EPIC filed a "friend of the court" brief in Gallion v. Charter Communications, a similar case in the Ninth Circuit, arguing that "the TCPA prohibitions are needed now more than ever." EPIC has testified in support of the TCPA and has submitted extensive comments and amicus briefs on the consumer privacy law.

Tags:

Posted by EPIC on April 25, 2019 12:15 PM | Permalink

EPIC to TSA: Conduct Rulemaking on Facial Recognition

In comments to inform the Transportation Security Administration's 2020 National Strategy, EPIC recommended that TSA to suspend the facial recognition program at US airports. EPIC wrote, "The TSA's use of facial recognition lacks the safeguards necessary for implementation." EPIC has also warned lawmakers and the DHS about the biometric border program that incorporates deploy facial recognition. EPIC has urged the agency to undertake a notice and comment rule making that would provide the public with the opportunity to comment on the controversial program. EPIC successfully required TSA to conduct a rulemaking on its deployment of airport body scanners in EPIC v. DHS. EPIC also recommended that TSA incorporate the Universal Guidelines for Artificial Intelligence, endorsed by over 300 organizations and experts, for AI-based systems.

Tags:

Posted by EPIC on April 26, 2019 9:50 AM | Permalink

Facebook Anticipates $3B-$5B Fine

According to news reports, Facebook has budgeted $3 billion for in its first-quarter earnings report, saying it expected the FTC to fine the company between $3-$5 billion. In January, EPIC and a coalition of consumer and civil rights groups sent a letter to the FTC calling on the Commission to enforce the order against Facebook by 1) imposing substantial fines; 2) establishing structural remedies; 3) requiring compliance with Fair Information Practices; 4) reforming hiring and management practices; and 5) restoring democratic governance. Also, EPIC's Freedom of Information Act request revealed that there are there are over 26,000 complaints pending against Facebook. In the eight years since the FTC announced the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order.

Tags:

Posted by EPIC on April 26, 2019 10:20 AM | Permalink

EPIC to Appropriations Committees: Suspend the Census Citizenship Question

EPIC has sent a statement to the House Appropriations Committee prior to a hearing on Census oversight. EPIC urged Congress to require the Census Bureau to remove the citizenship question from the 2020 census, pending the completion and review of required Privacy Impact Assessments. EPIC told the Committee that the Census Bureau failed to complete the Privacy Impact Assessments required by Section 208 of the E-Government Act. The Census Bureau concedes that it must complete the impact assessments but has so far failed to do so. "Congress made clear that data collection simply could not occur without the completion of these assessments," EPIC explained to Congress. In EPIC v. Commerce, currently before the D.C. Circuit Court of Appeals, EPIC argued that the collection of personal data concerning citizenship status without the privacy impact assessments is unlawful. EPIC warned the federal appeals court that "major privacy risks have not been addressed by the agency."

Tags:

Posted by EPIC on April 29, 2019 3:30 PM | Permalink

EPIC Advises Senate Commerce Committee on Federal Privacy Legislation

Prior to a hearing on "Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework," EPIC has sent a statement and related materials to the Senate Commerce Committee advising on federal privacy legislation. EPIC Executive Director Marc Rotenberg recently wrote in the New York Times, "There is still much that Congress can do to strengthen privacy protections for Americans. Enacting federal baseline legislation and establishing a data protection agency would be a good start." EPIC also sent the Committee EPIC commentaries from the Financial Times, Techonomy, the OECD Observer, and the Harvard International Review. EPIC recently joined 16 organizations in support of "A Framework for Privacy Protection in the United States."

Tags:

consumer

Posted by EPIC on April 30, 2019 9:25 AM | Permalink

EPIC to Congress: FCC Must Do More on Robocalls

In advance of a hearing about robocalls, EPIC has sent a statement to the House Energy & Commerce Committee saying "The FCC needs to do far more to protect consumers from robocalls." EPIC has long advocated for robust telephone privacy protections. Last week, EPIC submitted comments to the FCC recommending that the agency (1) require phone providers to proactively block calls from numbers that are unassigned, unallocated, or invalid; (2) prohibit spoofing if there is an intent to defraud or cause harm; and (3) encourage the use of call authentication technology that safeguards caller anonymity. EPIC filed amicus briefs earlier this year and in 2015 that strengthened consumer protections for robocalls.

Tags:

robocalls

Posted by EPIC on April 30, 2019 1:40 PM | Permalink

Annual Surveillance Report Reveals Upturn in U.S. Persons Call Record Searches, Unmasking

According to the Office of Director National Intelligence 2018 report, the use of information on U.S. persons collected under Foreign Intelligence Surveillance Act increased. The instances in which the NSA "unmasked" - revealed a U.S. person's identity in foreign intelligence data - to another agency grew from 9,529 to 16,721. In 2018, the government also searched domestic call detail records for U.S. persons at five times the rate in 2017, rising from 31,196 to 164,682. Notably, the government notifications to defendants of the use of FISA information in criminal proceedings increased from 7 in 2017 to 14 in 2018. EPIC previously testified before Congress on the need for more public reporting about the use of FISA for domestic surveillance. Several of EPIC's recommendations, including greater detail on government surveillance activities, were incorporated in the USA Freedom Act.

Tags:

Posted by EPIC on April 30, 2019 2:15 PM | Permalink

In Mueller Case, EPIC Proposes Expedited Briefing and Court Review of Full Report

In a court filing today in Washington, DC, EPIC has proposed an expedited briefing schedule in its case for release of the full Mueller Report concerning "Russian Interference in the 2016 Presidential Election." EPIC also proposed that the Justice Department provide the full, unredacted report to the federal judge overseeing the case for review. The Department of Justice has informed EPIC that the agency will provide a processed version of the Mueller Report to EPIC as early as this Thursday. The parties are expected to appear before Judge Reggie Walton this Thursday at 10 am. EPIC will challenge the Department of Justice's withholding of substantial portions of the Mueller Report from the public. EPIC's case for the release of the Mueller Report—the first in the nation—is EPIC v. Department of Justice, No. 19-810 (D.D.C.).

Tags:

Posted by EPIC on April 30, 2019 6:25 PM | Permalink