epic.org: November 2019 Archives

AI Commission Finalizes Report to Congress in Secret

The National Security Commission on Artificial Intelligence held yet another closed-door meeting last week to finalize its upcoming report to Congress and the President. Created by Congress in 2018, the AI Commission is tasked with considering "the methods and means necessary to advance the development of" AI to address national security and defense needs. But the Commission has operated almost entirely in secret, unlawfully denying the public access to its meetings and withholding nearly all of its records. In September, EPIC filed an open government lawsuit against the AI Commission to ensure transparency and public participation. The Commission's report is due to be released next week. EPIC’s case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

AI Commission

Posted by John Davisson on November 1, 2019 8:03 AM | Permalink

Senators Propose Alternative to "Opaque Algorithms"

A bipartisan group of Senators has introduced legislation that would give users the option to engage with a platform without being manipulated by algorithms driven by user-specific data. The Filter Bubble Transparency Act, sponsored by Senators Thune (R-SD), Blumenthal (D-CT), Moran (R-Kan.), Blackburn (R-Tenn.) and Warner (D-Va.), would require large platforms to provide users with the option of a filter bubble-free view of the information they provide. "This legislation is about transparency and consumer control," said Senator Thune. EPIC board member Shoshana Zuboff said, "Filter bubbles divide and conquer. The Filter Bubble Transparency Act begins the work of breaking this manipulative and divisive cycle." However, the bill stops short of requiring Internet companies to reveal the algorithms used to manipulate users. EPIC first warned the Federal Trade Commission about the risk of opaque search algorithms in 2011. EPIC has since advocated for Algorithmic Transparency and urged adoption of the Universal Guidelines for AI. In a 2017 statement for the Senate Commerce Committee EPIC wrote, "It is becoming increasingly clear that Congress must regulate AI to ensure accountability and transparency."

Tags:

algorithmic transparency

Posted by EPIC on November 1, 2019 9:25 AM | Permalink

Ralph Nader, Color of Change Endorse US Data Protection Agency

In a New York Times article, consumer advocate Ralph Nader endorsed the creation of a data protection agency. Nader told the Times that the U.S. needs a "new agency when the abuse pattern is so expansive that the authority in the existing agencies is obsolete and inadequate.” Rashid Robinson, President of Color of Change, said "We need to have a new data protection agency, an agency that examines the social, ethical impact of high-risk data practices.” EPIC and consumer groups have urged Congress to establish a data protection agency. EPIC has long advocated for a U.S. Data Protection Agency, noting that the United States is one of the few democracies in the world that does not have a federal data protection agency.

Tags:

Posted by Caitriona Fitzgerald on November 3, 2019 10:06 AM | Permalink

EPIC to Oppose Google-Fitbit Deal

In a statement released today, Marc Rotenberg said that EPIC would oppose Google's proposed acquisition of the fitness tracking company Fitbit. Mr. Rotenberg said the deal should not be approved. "There is no reason to trust Google's assurances about privacy protection," Mr. Rotenberg said, citing previous matters involving Doubleclick, YouTube, Google HomeMini, and Nest. Noting statements antitrust enforcement by the the FTC Chairman and the Assistant Attorney General, Mr. Rotenberg also said, "The Google-Fitbit deal is a test of their commitment to competition, innovation, and data protection." EPIC brought the 2012 case against the FTC for the agency's failure to enforce the 2011 consent order against Google after the company consolidated user data across multiple services.

Tags:

Posted by Caitriona Fitzgerald on November 4, 2019 6:15 AM | Permalink

Appeals Court: Trump Tax Returns Must Be Disclosed to Prosecutor

A federal appeals court has ruled that President Trump's accountants must turn over eight years of the President's personal tax returns to the Manhattan district attorney. The Second Circuit Court of Appeals rejected the President's attempt to block a grand jury subpoena for the returns, finding "no support" for the argument "that a President's private and non‐privileged documents may be absolutely shielded from judicial scrutiny." EPIC previously sought President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President about his taxes. In EPIC v. IRS II, EPIC is seeking "offers-in-compromise" and related tax records of President Trump and his businesses.

Tags:

Posted by EPIC on November 4, 2019 12:45 PM | Permalink

Report Raises New Concerns About Privacy Safeguards for US AI Deployment

A report released today by the National Security Commission on Artificial Intelligence raises new concerns about privacy and human rights safeguards for the use of AI by the federal government. The report to Congress acknowledges that "AI tools present states with greater capabilities to monitor and track their citizens or those of other states" and that AI "increases the risk of human rights abuses or violation of individual privacy[.]" The Commission also calls for AI uses that are "consistent with constitutional principles of due process, individual privacy, equal protection, and non-discrimination." But the report criticizes the EU's "privacy-first approach" to AI, calling the GDPR "a significant obstacle in any efforts to standardize privacy regulations," even though many leading US companies have agreed to comply with the privacy law. The Commission's report was drafted almost entirely in secret, in violation of multiple open government laws. In September, EPIC filed suit against the Commission to ensure transparency and public participation. EPIC's case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

Posted by EPIC on November 4, 2019 3:35 PM | Permalink

EPIC to Congress: Protect U.S. Consumer Data from Foreign Adversaries

In a statement to the Senate Judiciary Committee, EPIC urged lawmakers to pass legislation to safeguard consumer data from foreign adversaries. Prior to a hearing on "How Corporations and Big Tech Leave Our Data Exposed to Criminals, China, and Other Bad Actors," EPIC explained that "U.S. businesses, with their vast collections of personal data, remain the target of cyber-attack by criminals and foreign adversaries." EPIC warned the Senate about foreign access to consumer data in testimony over two years ago. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress, sets out the key elements of a privacy law, including federal baseline legislation and the creation of a Data Protection Agency.

Tags:

Consumer Protection

Posted by EPIC on November 4, 2019 6:10 PM | Permalink

Senator Booker Introduces Legislation Banning Face Surveillance in Public Housing

Presidential Candidate Cory Booker has introduced the No Biometric Barriers to Housing Act, a bill to ban the use of facial recognition technology in public housing. “Facial recognition technology has been repeatedly shown to be incomplete and inaccurate, regularly targeting and misidentifying women and people of color. We need better safeguards and more research before we test this emerging technology on those who live in public housing and risk their privacy, safety, and peace of mind,” Senator Booker said. Congresswoman Yvette Clarke (D-NY) introduced similar legislation in the House in July. The House bill now has 10 cosponsors. EPIC recently testified before the Massachusetts Legislature in support of a moratorium on face surveillance. EPIC also organized a civil society declaration endorsed by over 80 organizations and 650 individuals to suspend the deployment of facial surveillance technology.

Tags:

Posted by Caitriona Fitzgerald on November 4, 2019 9:20 PM | Permalink

EPIC, Coalition Call on DHS to Withdraw Social Media Data Collection Plan

EPIC, the Brennan Center and over 40 organizations have opposed the Department of Homeland Security plan to collect social media identifiers from immigrants and foreign travelers. The civil liberties coalition warned of the "chilling effect on speech, intrusion of privacy, and disparate impact" the plan would have. As EPIC explained in a Spotlight on Surveillance, government collection of social media data raises substantial privacy and civil liberties concerns. EPIC previously opposed a proposal by the DHS to collect social media identifiers. In EPIC v. DHS, a 2011 Freedom of Information Act case, EPIC uncovered the first agency plan to monitor social media.

Tags:

social media monitoring

Posted by EPIC on November 5, 2019 10:10 AM | Permalink

EPIC Urges D.C. City Council to Ban Face Recognition on Body Cameras

In a statement to the D.C. City Council, EPIC urged council members to ban the use of facial recognition technology on police-worn body cameras. The Council held a public roundtable to assess the use of police body-worn cameras by the Metropolitan Police Department. EPIC described the growing opposition to facial recognition technology in the United States as well as internationally. EPIC previously testified before the City Council on body cameras, stating there are "more productive means to achieve police accountability that do not carry the risk of increasing surveillance." A 2017 study of MPD body cameras found that the cameras had no impact on police use of force and civilian complaints.

Tags:

facial recognition

Posted by EPIC on November 5, 2019 10:20 AM | Permalink

EPIC to Congress: End Section 215 Surveillance Program

In advance of a hearing on reauthorizing the Freedom Act, EPIC sent a statement to the Senate Judiciary Committee urging Congress to end the NSA's phone record collection program, known as "Section 215." EPIC wrote "events of the past few years make clear that Section 215 should not be renewed." Section 215 of the Patriot Act allowed the NSA to collect the telephone records of Americans. In 2013, following the Snowden disclosures, EPIC filed a petition with the Supreme Court, challenging the lawfulness of Section 215. Congress found the 215 program was ineffective and passed the USA Freedom Act to limit data collection. NSA has since acknowledged significant compliance problems. The Director of National Intelligence also confirmed that the program was suspended. Section 215 will sunset unless Congress chooses to reauthorize the program.

Tags:

Posted by EPIC on November 5, 2019 10:30 AM | Permalink

Bill to Establish Data Protection Agency Introduced in Congress

Representatives Eshoo and Lofgren have introduced the Online Privacy Act, a comprehensive framework for data protection in the United States. The bill would establish a data protection agency, create meaningful privacy safeguards for consumers, and hold companies accountable for the collection and use of personal data. The bill is based on Fair Information Practices and includes a provision on algorithmic accountability. "The Online Privacy Act sets out strong rights for Internet users, promotes innovation, and establishes a data protection agency. This is the bill that Congress should enact,” EPIC Policy Director Caitriona Fitzgerald said in a statement. EPIC's legislative report graded the Online Privacy Act the #1 privacy bill in Congress.

Tags:

Posted by Caitriona Fitzgerald on November 5, 2019 2:08 PM | Permalink

EPIC Seeks More Details on Secretive AI Commission Report

Following the release of a report by the US Commission on Artificial Intelligence, EPIC is seeking specific information about recommendations that could impact the privacy rights of Americans. EPIC previously sued the Commission to make public its records and meetings. Now EPIC wants to know why the Commission criticized the EU General Data Protection Regulation and why the Commission wants to amend U.S. privacy laws to allow "government access to data on Americans." EPIC is also curious why the Commission selectively published the names of organizations and businesses it consulted. The Commission is chaired by former Google CEO Eric Schmidt. EPIC filed suit against the Commission earlier this year to ensure transparency and public participation. The Commission has held more than 200 closed-door meetings. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C).

Tags:

Posted by EPIC on November 6, 2019 10:00 AM | Permalink

EPIC, Coalition Issue Declaration on Harms of Social Media Surveillance

EPIC joined over 50 organizations in a declaration on the harms of social media surveillance by law enforcement. The groups said that social media surveillance is "often covert and conducted without oversight" and allows law enforcement "to monitor and archive information on millions of people's activities." As EPIC explained in a Spotlight on Surveillance, such surveillance "will subject more innocent people to government investigation." In an op-ed last year, EPIC Senior Counsel, Jeramie Scott, explained how private industry fuels social media monitoring, creating huge databases of personal data that is sold to law enforcement.

Tags:

social media monitoring

Posted by EPIC on November 6, 2019 10:45 AM | Permalink

EPIC Files Complaint with FTC about Employment Screening Firm HireVue

Today, EPIC filed a complaint with the FTC alleging that recruiting company HireVue has committed unfair and deceptive practices in violation of the FTC Act. EPIC charged that HireVue falsely denies it uses facial recognition. EPIC also said the company failed to comply with baseline standards for AI decision-making, such as the OECD AI Principles and the Universal Guidelines for AI. The company purports to evaluate a job applicant's qualifications based upon their appearance by means of an opaque, proprietary algorithm. EPIC has brought many similar consumer privacy complaints to the FTC, including a complaint on Facebook's facial recognition practices that contributed to the FTC's 2019 settlement with Facebook. Last year EPIC also asked the FTC to investigate the Universal Tennis Rating system, a secret technique for scoring high school athletes.

Tags:

Posted by EPIC on November 6, 2019 11:40 AM | Permalink

EPIC's Rotenberg Calls For End to Facebook Political Ads

In testimony before the International Committee on Fake News, EPIC President Marc Rotenberg today called for an end to Facebook's political ads. "The company's view of political advertising is both reckless and irresponsible," said Rotenberg. He added that advertising revenue should "flow back to traditional media and help strengthen independent journalism." EPIC also urged enforcement of the GDPR. "History must not repeat itself," said Rotenberg, citing the failure of the US Federal Trade Commission to act when it had the opportunity to do so. The international Committee, meeting in Dublin, is comprised of lawmakers from 14 countries, including Rep. Cicilline, chair of the House committee on antitrust.

Tags:

Posted by Caitriona Fitzgerald on November 7, 2019 7:17 AM | Permalink

International Committee Adopts Resolution on Regulation of Social Media

The International Grand Committee on Fake News and Disinformation, meeting in Dublin, agreed today to principles to advance the global regulation of social media. EPIC President Marc Rotenberg, who spoke earlier in the day to the Committee, praised the outcome. “This is an important step forward,” said Mr. Rotenberg. “The Committee has recognized that self-regulation has failed and that social media firms must be subject to the rule of law and democratic institutions. EPIC fully supports the recommendation for transparency regarding the source, targeting methodology and levels of funding for all online political advertising. But the Committee will need to do more to safeguard election integrity.” Mr. Rotenberg’s prepared statement highlighted an opinion of the former European Data Protection Supervisor Giovanni Buttarelli, who said the solution to the challenge of fake news “is to be found beyond content management and transparency. We also need better enforcement of the rules on data processing, especially sensitive information such as health, political and religious views, and accountability."

Posted by Candace Paul on November 7, 2019 4:18 PM | Permalink

European Parliament Issues Report on Law Enforcement Data Access Proposal

The influential LIBE Committee of the European Parliament has issued a long-awaited report on a proposal to create rules for law enforcement access to personal data stored outside the EU. The report of the Parliament on "e-Evidence" would revise an earlier proposal and create new safeguards, permitting access orders only when strictly necessary, restricting the circumstances when orders may be issued, limiting the use of information collected, and expanding remedies for individuals subject to unlawful access. Speaking at the European Parliament on the e-Evidence proposal last year, EPIC called for similar safeguards for law enforcement access to data, as well as data minimization, transparency, and notice to indivduals. EPIC recently led a coalition of 20 civil society organizations objecting to data access under the less protective U.S.-U.K. Agreement.

Posted by EPIC on November 7, 2019 5:15 PM | Permalink

EPIC to Court: AI Commission Must Comply With FOIA

EPIC told a federal court this week that the National Security Commission on Artificial Intelligence must comply with the Freedom of Information Act. Created by Congress in 2018, the AI Commission is tasked with considering "the methods and means necessary to advance the development of” AI in a national security setting. But the Commission has operated largely in secret and claims that it is exempt from open government laws. The Commission has received almost 200 closed-door briefings, with no published agendas and no public minutes. EPIC, which filed suit against the Commission in September, explained that Congress left “no doubt that the AI Commission is subject to the FOIA.” The Commission recently released a report to Congress, which criticized the EU General Data Protection Regulation and called for greater "government access to data on Americans." EPIC’s case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

AI Commission

Posted by John Davisson on November 8, 2019 7:27 AM | Permalink

Following EPIC Suit, AccuWeather Changes Location Tracking Practices

Following a DC consumer protection suit that EPIC filed against AccuWeather in 2018, the company has stopped deceptively gathering users' location data. In its Complaint, EPIC charged that AccuWeather grabbed consumers' location data even when they expressly opted out of location tracking. EPIC also charged that AccuWeather failed to disclose that it transferred location data to advertisers. Now AccuWeather, following EPIC's case, has changed its business practices. Users can decline dvertising and other non-functional uses of their device information, and users can delete the information that AccuWeather collects about their device. EPIC has long advocated for the privacy of location data. EPIC filed a "friend of the court" brief with the US Supreme Court in, Carpenter v. US, a case concerning police surveillance and a complaint with the Federal Trade Commission concerning Uber's tracking of subscribers. EPIC also opposed Apple's tracking of iPhone users. EPIC also maintains detailed webpages on location privacy.

Tags:

Posted by EPIC on November 12, 2019 10:25 AM | Permalink

EPIC to Congress: FTC Must Consider Privacy, Block Google-Fitbit Deal

In a statement to the House Judiciary Committee, EPIC told lawmakers that merger review must consider data protection and that the Federal Trade Commission must block Google's plan to acquire Fitbit. "Far from protecting market competition and promoting innovation, the Commission is facilitating industry consolidation," EPIC said in the statement released in advance of the hearing. EPIC pointed to the Facebook-WhatsApp deal and the failure of the FTC to protect the personal data of WhatsApp users after the merger. EPIC noted that if the FTC approves Google's acquisition of Fitbit, it will be the 230th firm that Google/Alphabet has acquired "with barely a whimper from the Federal Trade Commission." EPIC said: "This is not antitrust enforcement. This is agency negligence." EPIC previously testified before the Senate Judiciary Committee about mergers in the online advertising industry after EPIC warned the FTC that Google's acquisition of DoubleClick would diminish privacy and stifle innovation. EPIC earlier opposed Doubleclick's acquisition of Abacus, explaining that the deal would lead to increased profiling of American consumers.

Tags:

Posted by EPIC on November 12, 2019 3:40 PM | Permalink

EPIC, Coalition Urge Justice Department to Rescind Rule Expanding DNA Collection of Detainees

EPIC joined a coalition of civil liberties and immigrant rights organizations to urge the Department of Justice to rescind a proposed rule that effectively requires the DHS to collect DNA from all non-US persons the agency detains or arrests. The coalition stated that the proposed rule was an "unacceptable and unnecessary privacy intrusion" that will impact not only the individual's DNA being collected but also family members, including American citizens. In an amicus brief to the Supreme Court, EPIC argued that law enforcement's warrantless collection of DNA is unconstitutional. In the 2013 brief, EPIC described the "dramatic and unpredictable" expansion of the government's DNA collection over the past decade.

Tags:

Posted by EPIC on November 13, 2019 11:15 AM | Permalink

Bipartisan Senate Bill Requires Warrant for Ongoing Face Surveillance

Senators Chris Coons (D-Del) and Mike Lee (R-Utah) today introduced legislation that will require federal law enforcement agencies to obtain a warrant before engaging in ongoing face surveillance. The Facial Recognition Technology Warrant Act of 2019 would apply to public surveillance using facial recognition technology that lasts more than 72 hours, and the warrants would expire after 30 days. EPIC recently testified before the Massachusetts Legislature in support of a moratorium on face surveillance. And a recent Public Voice petition calling for a moratorium on the use of facial recognition has received support from more than 90 organizations and 700 individuals (including many leading experts) in more than 40 countries.

Tags:

facial recognition

Posted by EPIC on November 14, 2019 12:50 PM | Permalink

European Privacy Board Cites Concerns about EU-U.S. Privacy Shield

In a new report the European Data Protection Board is raising concerns about the EU-U.S. Privacy Shield, a framework permitting the flow of European consumers' personal data to the U.S. The EDPB, a group of top data protection authorities from across Europe, called for more rigorous review of compliance with the Shield, urged the Privacy and Civil Liberties Oversight Board to publish assessments of U.S. surveillance, and concluded that the Shield Ombudsperson was not a sufficient remedy for potential privacy violations. The European Commission recently renewed the agreement, despite comments from EPIC and other civil society organizations highlighting U.S. mass surveillance practices and weak privacy safeguards.

Tags:

Privacy Shield

Posted by EPIC on November 14, 2019 4:50 PM | Permalink

Largest Drone Manufacturer Will Implement Remote Identification

Responding to concerns raised by EPIC and others, the largest manufacturer of civilian drones in the world plans to implement a remote identification technique that would allow anyone with a smartphone to identify and track drones near them. According to DJI, "the location, altitude, speed and direction of the drone, as well as an identification number for the drone and the location of the pilot" would be available via a mobile phone app. In several comments to the FAA, EPIC urged the agency to require manufacturers to implement an active drone ID broadcasting requirement. This past summer the European Union established a requirement for real-time drone identification that aligns with EPIC's 2015 recommendations to the FAA, which stated that drone identification should be "similar to the Automated Identification System for commercial vessels." EPIC also wrote that "Because drones present substantial privacy and safety risks, EPIC recommends that any drone operating in the national airspace system include a mandatory GPS tracking feature that would always broadcast the location of a drone when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information." Speaking at the 2016 privacy commissioners conference in Marrakech, EPIC President Marc Rotenberg warned of the "identification asymmetry" that would arise if drones were not required to broadcast identifying information.

Tags:

Posted by EPIC on November 14, 2019 5:00 PM | Permalink

.ORG Sold to Private Equity Firm, Transparency Diminished

The Internet Society announced that it plans to sell the Public Interest Registry, which manages the .ORG domain, and all of its assets to Ethos Capitol, a private equity firm. The announcement follows a decision to remove price caps on domain name purchases that was widely opposed by the user community. EPIC's Marc Rotenberg, who was a founding board member and former chair of PIR, told Gizmodo he was "very disappointed" by the news. "We built the .org domain with the specific goal of promoting the noncommercial use of the Internet," Rotenberg said. "There are many models, including ICANN itself, that could allow for effective management of the domain by a non-profit corporation. There are critical elements of transparency and accountability that will be lost when the Public Interest Registry is acquired by a private equity firm." The PIR website currently states, "PIR's believes that a best practice is transparency and accountability to itself, its stakeholders, and the public. The release of our annual IRS 990 Form provides publicly-available financial information to maintain our non-profit status in good standing."

Posted by EPIC on November 15, 2019 9:25 AM | Permalink

Intelligence Agencies Halt Collection of Cell Location Data Without ‘Probable Cause’

The Director of National Intelligence has notified Congress that U.S. intelligence agencies are no longer obtaining cell site location data without “a showing of probable cause.” The change is a direct result of the Supreme Court’s decision in Carpenter v. United States, which held the Fourth Amendment protects location records generated by mobile phones. The Director wrote that “given the significant constitutional and statutory issues the decision raises,” the intelligence community has “not sought CSLI records or global positioning system (GPS) records” without probable cause “since Carpenter was decided.” EPIC filed an amicus brief in Carpenter, joined by 36 technical experts and legal scholars (members of the EPIC Advisory Board), urging the Court to extend Constitutional protection to cell phone data. Last year, EPIC’s Marc Rotenberg wrote that "Congress now has an opportunity to update federal privacy law, providing greater clarity for digital searches after the Carpenter decision.”

Posted by Candace Paul on November 15, 2019 9:29 AM | Permalink

Following Stone Verdict, DOJ Must Disclose More of Mueller Report to EPIC

With the conclusion of Roger Stone's trial on Friday, the Justice Department must now disclose additional sections of the Mueller Report to EPIC in EPIC v. DOJ. Previously, the agency argued that it could withhold portions of the Report because disclosure would interfere with Mr. Stone's right to a fair trial. But following Mr. Stone's conviction on seven counts, the DOJ can no longer make that claim. The material withheld by the DOJ would likely reveal the role that Wikileaks played in the 2016 presidential election. In EPIC v. DOJ, EPIC is seeking the public release of the complete and unredacted Mueller Report. A ruling is expected soon. The book EPIC v. DOJ: The Mueller Report is available for purchase at the EPIC Bookstore.

Tags:

Mueller Report

Posted by EPIC on November 15, 2019 4:00 PM | Permalink

Privacy Commissioners Launch "Global Privacy Assembly"

The International Conference of Data Protection and Privacy Commissioners today announced a new logo and a new name: the Global Privacy Assembly (GPA). According to the Commissioners, "the new logo and name represent the evolution of the conference and the current work to modernise it, including a new policy strategy which sets out a clear vision for the organization." The GPA Policy Strategy outlines three goals for regulatory cooperation: global frameworks and standards, enforcement co-operation, and policy themes. The Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) will host the Global Privacy Assembly in Mexico City in October 2020. Francisco Javier Acuña Llamas, President of the INAI, said "Thanks to the collaboration of our colleagues, we created a logo which represents the organization's main attributes: international cooperation, knowledge sharing, independence and leadership." The Public Voice Project and the EPIC Public Voice Fund will provide opportunities for civil society organizations to participate in the work of the Global Privacy Assembly.

Posted by EPIC on November 15, 2019 9:05 AM | Permalink

EPIC Obtains Docs about Critical Infrastructure Designation for Election Systems

In a FOIA lawsuit, EPIC has obtained an original draft of the proposal by former DHS Secretary Jeh Johnson to designate state election systems as critical infrastructure. Released in a set of previously withheld documents, the draft memo states "[g]iven the vital role elections play in this country, certain systems and assets of election infrastructure meet the statutory definition of critical infrastructure in fact and in law." The DHS policy was announced on January 6, 2017, the same day the ODNI found extensive Russian interference in the 2016 Presidential election. EPIC later litigated for the release of the complete ODNI report, which found that Russian intelligence services had "obtained and maintained access to elements of multiple U.S. state or local electoral boards." EPIC also obtained from DHS documents about the background and implementation of the critical infrastructure designation. Other documents released as a result of EPIC's suit show the DHS continued to encourage state efforts in election security by making federal resources available on a voluntary basis. The case is EPIC v. DHS, No. 17-2047.

Tags:

Posted by EPIC on November 18, 2019 10:35 AM | Permalink

Pew Research: 'Americans strongly favor more government regulation of consumer data'

According to a new poll from the Pew Research Center, 75% of Americans say there should be new regulations of what companies may do with personal data. 81% of the public believe that the risks of data collection by companies outweigh the benefits, and 66% say the same about government. 79% of Americans say they are at least somewhat concerned about how companies use personal data, 36% say they are very concerned. 79% of Americans say they are not confident that companies will admit mistakes and take responsibility if they misuse personal data. 70% of adults say their personal data is less secure than it was 5 years ago. Only 2% of respondents described digital privacy as "knowledge and consent." The survey results are based on a nationally representative panel of randomly selected U.S. adults. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency.

Tags:

Posted by EPIC on November 18, 2019 1:55 PM | Permalink

Senate Democrats Set Out Comprehensive Data Protection Framework

Top Senate Democrats today unveiled key goals for comprehensive federal data privacy legislation. The Democratic Senators' proposal calls for strong consumer rights, corporate accountability, effective enforcement, data minimization, and accountability for algorithmic decision making. The proposal would not preempt stronger state privacy laws. The proposal is backed by Senators Maria Cantwell, Dianne Feinstein, Sherrod Brown, and Patty Murray, and endorsed by Senators Ron Wyden, Richard Blumenthal, Brian Schatz, and Ed Markey, as well as Minority Leader Chuck Schumer. EPIC Policy Director Caitriona Fitzgerald called the new Senate proposal a game changer. "We are now on track for the adoption of comprehensive privacy legislation in the United States," she said. "The Senate should move forward this excellent proposal."

Tags:

policy

Posted by Caitriona Fitzgerald on November 18, 2019 2:25 PM | Permalink

Google Announces Limits on Data Transfer in Ad Bids

Google has announced that it will no longer describe the type of content on an app or webpage when conducting auctions for ads. Google stated the change was the result of "engagement with data protection authorities" and would help prevent those bidding on ads from linking individual people to sensitive content. The change raised concerns about entrenching Google's dominance over internet advertising and whether the policy change would further diminish advertising revenue for content publishers. Questions also remain as to whether the change is necessary under the GDPR if user IDs are effectively deidentified as Google has claimed. Google's modifications to its Street View data collection failed to halt multiple fines by data protection agencies for legal violations. The company's ad exchange is still under investigation for violations of the EU General Data Protection Regulation. EPIC recently urged lawmakers to unwind bad mergers, including Google's acquisition of YouTube and Nest.

Tags:

Posted by EPIC on November 18, 2019 5:50 PM | Permalink

Appeals Court Questions Government on Reliability of Google Scanning Algorithm

This week a federal appellate judge pressed the government about the reliability of a Google scanning algorithm that provided the basis for the warrantless search of a private email. EPIC raised concerns about the scanning technique in an amicus brief for the appeals court. In United States v. Wilson, EPIC argued that "because neither Google nor the Government explained how the image matching technique actually works or presented evidence establishing accuracy and reliability, the Government's search was unreasonable." Judge Watford told the government attorney that he "would like to hear your defense of the evidentiary record" because what we have "is this declaration from the Google person," and "I would need far more explanation of how reliable the hash matching technology is before I could validate this search." EPIC filed an amicus brief in a similar case in United States v. Miller. EPIC routinely submits amicus briefs on the privacy implications of new investigative techniques. EPIC has also long promoted algorithmic transparency to ensure accountability for AI-based decision making.

Tags:

Posted by EPIC on November 18, 2019 6:10 PM | Permalink

Applications for Rodotà Award Now Open

The Committee of European Convention 108 (the "Privacy Convention") has announced the second edition of the Rodotà Award, intended to reward innovative academic research projects to advance data protection. The award honors the memory of Stefano Rodotà, a prominent Italian law professor and candidate for the Italian presidency who championed democratic institutions, human rights, and data protection. The competition is open to researchers from all regions of the world participating in the work of the Committee of Convention 108. Application here. Deadline: 18 December 2019. Competition rules. The prize winner will be announced on Data Protection Day (28 January 2020) and will have the opportunity to present his/her work at the next Plenary session of the Committee of Convention 108 to be held in Strasbourg in July 1-3, 2020. In 2009, Prof. Rodotà received the first EPIC International Champion of Freedom Award.

Posted by EPIC on November 19, 2019 11:00 AM | Permalink

At Council of Europe, EPIC's Rotenberg Urges Focus on AI and Human Rights

Speaking to the Council of Europe in Strasbourg, EPIC's Marc Rotenberg urged democratic nations to move forward a policy framework for AI that safeguards human rights. "You cannot afford to wait," said Mr. Rotenberg, describing the work of EPIC to establish algorithmic accountability. In the past few years, EPIC has promoted Algorithmic Transparency, supported the Universal Guidelines for AI, and published the first reference book on AI policy. EPIC has also challenged the secrecy of the US National Commission on AI and urged the recognition of AI policy frameworks to regulate the use of AI techniques.

Tags:

Posted by EPIC on November 19, 2019 9:40 AM | Permalink

PA Supreme Court Rules Government Cannot Compel Suspect to Disclose Password

The Pennsylvania Supreme Court ruled today that the Fifth Amendment right against self-incrimination prevents the government from requiring a suspect to divulge their computer passcode. The court found that "compelling the disclosure of a password to a computer" is testimonial, and that a limited exception to the Fifth Amendment privilege does not apply to passwords. EPIC filed an amicus brief in a similar case in the New Jersey Supreme Court. EPIC argued in State v. Andrews that the Fifth Amendment exception should be limited because it predated the vast amounts of personal data stored on computers and telephones. EPIC cited the U.S. Supreme Court's recent decisions in Riley v. California and Carpenter v. United States. EPIC has long filed amicus briefs arguing that constitutional protections should keep pace with advances in technology.

Tags:

Posted by EPIC on November 20, 2019 1:05 PM | Permalink

Swiss Sign Convention 108+, 35 Countries Back Privacy Convention

This week, Switzerland signed the Modernized International Privacy Convention. With the Swiss signature thirty-five countries now back Convention 108+. The Council of Europe Convention 108+ is the first and only binding international legal instrument for data protection. Updated in 2018, the Modernized Convention includes new provisions on biometric data, algorithmic transparency, enhanced oversight. Non-members of the Council of Europe are able to sign the Convention, and EPIC and consumer groups have long urged the United States to ratify the international Privacy Convention.

Tags:

Posted by EPIC on November 21, 2019 2:21 PM | Permalink

EPIC Obtains Documents about Nebraska's Flawed Risk Assessment Software

In response to EPIC's Freedom of Information Act request, the Nebraska Department of Correctional Services has provided to EPIC several documents about Nebraska's use of pre-trial risk assessments. Emails among state officials reveal concerns about the accuracy of the Vant4ge algorithm used for risk assessment. The head of the state agency wrote, "there has not been consistency in how the STRONG-R training is delivered" and "there are errors in how the 'severity index' of specific crimes is coded in the Vant4ge software" which "affect the final risk and needs score calculations produced by the assessment." According to the contract obtained by EPIC, Nebraska committed to continue with Vant4ge until 2022. EPIC previously pursued several lawsuits to obtain information about "predictive policing" and "future crime prediction" algorithms. EPIC obtained documents about pre-trial risk assessments as well as a scoring system developed by the DHS to assign risk assessments to travelers, including US citizens. EPIC has urged government agencies to make transparent algorithmic-based decision making.

Tags:

Posted by EPIC on November 21, 2019 3:25 PM | Permalink

Senators Demand Information from Amazon on Ring and Surveillance

Five prominent Senators have demanded that Amazon provide information about Ring, the neighborhood surveillance system posing as a doorbell. Senators Wyden, Markey, Van Hollen, Coons, and Peters wrote that Amazon "holds a vast amount of deeply sensitive data and video footage detailing the lives of millions of Americans in and near their homes." The Senators pressed Amazon for Information about Ring and facial recognition, noting that the company has applied for facial recognition patents. The letter follows an investigation by Senator Markey into Ring's surveillance practices. Senator Markey has also sponsored the Privacy Bill of Rights Act, a bill that would limit some of Amazon's data collection practices. EPIC has recently launched a campaign to Ban Face Surveillance worldwide. After 9-11, EPIC also led the Observing Surveillance campaign to limit the use of surveillance cameras in DC.

Tags:

Posted by EPIC on November 21, 2019 3:35 PM | Permalink

EPIC Advises New York Senate on Privacy Legislation

EPIC has sent a statement to the New York State Senate recommending passage of legislation modeled on Fair Information Practices and creation of a Data Protection Agency. The NY Senate will hold a hearing this week on Senate Bill 5642, concerting oversight of personal data. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a privacy law. "A strong state privacy law would establish an independent state-level Data Protection Agency with resources, technical expertise, rulemaking authority and effective enforcement powers," EPIC told the New York Senate. EPIC's State Policy Project tracks privacy developments at the state level.

Tags:

state policy

Posted by EPIC on November 21, 2019 4:25 PM | Permalink

EPIC Publishes 2020 Edition of The Privacy Law Sourcebook

EPIC has published the 2020 edition of The Privacy Law Sourcebook. The Privacy Law Sourcebook is the leading reference book for those interested in privacy law in the United States and around the world. The Sourcebook includes major U.S. privacy laws and key international privacy laws such as the EU General Data Protection Regulation and the modernized Council of Europe Convention on Privacy. PLS 2020 also features the California Consumer Privacy Act and the Illinois Biometric Privacy Act. PLS 2020 is available in print and Kindle editions. Other publications, including those by members of the EPIC Advisory Board, are available at the EPIC Bookstore.

Posted by EPIC on November 22, 2019 6:20 PM | Permalink

Max Schrems Speaks at EPIC

European privacy advocate Max Schrems spoke to the Privacy Coalition in Washington DC about the GDPR. Max's group None of Your Business (NOYB) is leading the effort to enforce the new privacy law of the European Union. Max is also responsible for one of the leading privacy cases in modern privacy law, Schrems v. DPC, which protected the personal data of Europeans. Max and EPIC have challenged the use of "standard contractual clauses" in a case before the European Court of Justice, known as "Schrems 2.0."

Posted by EPIC on November 22, 2019 2:30 PM | Permalink

Robust Privacy Bill Introduced in the Senate

Ranking Member Cantwell, and Senators Schatz, Klobuchar, and Markey have introduced the Consumer Online Privacy Rights Act, a strong framework for data protection. The bill is based on Fair Information Practices and includes a private right of action so individuals can enforce their rights. The Act would also establish new standards for algorithmic accountability. The bill follows a framework recently announced by Senate Democrats for data protection and privacy. "The Consumer Online Privacy Rights Act is outstanding. The bill gives consumers meaningful rights, holds companies accountable, and protects stronger state safeguards. With the addition of a data protection agency, the bill would establish a comprehensive approach for privacy protection for the U.S.,” EPIC Policy Director Caitriona Fitzgerald said in a statement. EPIC's legislative report graded the Consumer Online Privacy Rights Act an A-. The Senate Commerce Committee will hold a hearing on privacy legislation on December 4.

Tags:

policy

Posted by Caitriona Fitzgerald on November 26, 2019 2:37 PM | Permalink

EPIC Backs Save .ORG Campaign

EPIC has joined Access Now and other NGOs, urging ICANN to halt the sale of the .ORG domain to a private equity firm. The terms of the deal remain secret and the deal followed a controversial decision by ICANN to remove price caps. Marc Rotenberg, a founding board member and former chair of the Public Interest Registry, which manages the domain, said the sale would undermine transparency and accountability. "We established .ORG to promote the non-commercial use of the Internet and to provide an exemplar for Internet governance. ICANN should move quickly to make public the terms of the deal, provide a meaningful opportunity for public comment, and then determine if this assignment is consistent with the mission and purpose of the .ORG," said Rotenberg.

Posted by EPIC on November 27, 2019 9:40 AM | Permalink

DHS Agrees to Release Documents About Election Cybersecurity to EPIC

EPIC and DHS have filed a joint status report in EPIC v. DHS. The federal agency has agreed to reprocess previously withheld documents about election security. EPIC filed a Freedom of Information Act lawsuit in 2017, immediately after the agency's decision to designate election systems as "critical infrastructure." The announcement followed the determination that Russia meddled in the 2016 presidential election. The designation also gave the DHS new responsibilities to help protect state election systems. Over the course of litigation, DHS has provided hundreds of pages to EPIC about the agency's role in election system security. But the agency has also withheld information sought by EPIC, including: (1) documents concerning contacts between DHS and State Election Officials, (2) Election Task Force meeting minutes, (3) documents about risk characterizations and analysis reports on Russian interference; and (4) incident reports and vulnerabilities in election systems. Because the 2020 election is fast approaching, EPIC sought the prompt release of these records so that Congress and the public could assess the effectiveness of the DHS security program. The recent court filing between EPIC and the DHS should move the process forward. The case is EPIC v. DHS, 17-2047 (D.D.C).

Tags:

Posted by EPIC on November 27, 2019 10:05 AM | Permalink

Congress Extends Section 215 Surveillance Program

Congress has temporarily extended Section 215 of the Patriot Act, a controversial surveillance law that allows collection of the telephone records of Americans. EPIC had urged the Senate Judiciary Committee to end the NSA's phone record collection program. EPIC wrote "events of the past few years make clear that Section 215 should not be renewed." In 2013, following the Snowden disclosures, EPIC filed a petition with the Supreme Court, challenging the lawfulness of Section 215. Congress found the 215 program was ineffective and passed the USA Freedom Act to limit data collection. NSA has since acknowledged significant compliance problems. Both Democrats and Republicans have expressed concerns about the surveillance program. The temporary renewal in the House spending bill extends the law until March 15, 2020.

Tags:

Posted by EPIC on November 29, 2019 11:05 AM | Permalink