epic.org: December 2019 Archives

Supreme Court Hears Arguments in Public Access to Law Case

Today, the U.S. Supreme Court heard oral arguments in Georgia v. Public.Resource.Org, which concerns the copyright of a state's official law. EPIC filed an amicus brief in the case, signed by 35 experts in law and technology, stating that "free access to the law is guaranteed by our country's traditions and enabled by digital technologies." EPIC explained that "the federal government has worked to ensure that legal materials are broadly accessible to the public; the states should do the same." EPIC and its staff have long promoted online access to judicial opinions and open access to government information. EPIC routinely files amicus briefs in the US Supreme Court in cases concerning emerging privacy and civil liberties issues.

Tags:

Posted by EPIC on December 2, 2019 9:25 AM | Permalink

FTC Announces Privacy Shield No Penalty Enforcement Action

The FTC entered into settlements with four companies that misrepresented their participation in the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework. These frameworks permit the transfer of Europeans' personal data to the U.S. with an assurance of privacy protection. The settlements require the companies to halt misrepresentations about compliance, but provides no remedy to those EU citizens whose personal data was collected. EPIC has repeatedly told Congress that that the FTC lacks effective enforcement authority. In recent comments on the Privacy Shield, EPIC also noted the absence of a comprehensive U.S. federal privacy law and a data protection authority with the authority to enforce privacy rights. Under the Schrems decision, which provided the basis for the Privacy Shield, the Court of Justice explained that "everyone whose rights and freedoms are violated" have "the right to an effective remedy."

Tags:

Posted by EPIC on December 3, 2019 11:20 AM | Permalink

EPIC to Congress: Create a Data Protection Agency

In advance of a hearing on "Legislative Proposals to Protect Consumer Data Privacy," EPIC told the Senate Commerce Committee that the U.S. needs a Data Protection Agency. "The FTC's problems are not lack of budget or staff. The FTC has not even filled the current post for a Chief Technologist. The FTC has simply failed to use its resources and authorities to safeguard consumers," EPIC said. EPIC recently obtained documents revealing 3,000 new complaints against Facebook since the Commission proposed the $5 b settlement with Facebook. EPIC's Freedom of Information Act lawsuit had previously found 26,000 complaints pending against the social media giant. "The FTC is simply ignoring thousands of consumer privacy complaints about Facebook's ongoing business practices," EPIC said to the Committee. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress, sets out the key elements of a modern privacy law, including federal baseline legislation and the creation of a Data Protection Agency.

Tags:

Posted by EPIC on December 3, 2019 5:00 PM | Permalink

VICTORY - Court Rules US AI Commission Must Disclose Records to EPIC

A federal court has ruled that the National Security Commission on Artificial Intelligence is an agency subject to the Freedom of Information Act. EPIC has sought to make the activities of the AI Commission open to the public, and EPIC sued the Commission when it ignored EPIC's FOIA request. In subsequent briefing, EPIC made clear that the Commission is subject to FOIA under the plain text of the law. Judge Trevor N. McFadden, writing in EPIC v. AI Commission, rejected the Commission's arguments that it is exempt from the law. "[L]ike a stranger offering candy to a child, the Government invites the Court not to read [the FOIA] literally," the court wrote. "The Government has not convinced the Court that it should ignore what Congress said." In 2018, EPIC and leading scientific organizations, including AAAS, ACM and IEEE, and nearly 100 experts urged the White House to ensure a public process for the development of AI policy.

Tags:

AI Commission

Posted by EPIC on December 3, 2019 5:45 PM | Permalink

Senator Markey Blasts DHS Plan for Facial Recognition at Airports

Senator Ed Markey has blasted the DHS's proposal to mandate facial recognition at US airports, stating "this proposal would amount to disturbing government coercion, and as the recent data breach at Customs and Border Protection shows, Homeland Security cannot be trusted to keep our information safe and secure." Senator Markey asked the DHS to withdraw the proposal and said he would introduce legislation to "ensure that innocent American citizens are never forced to hand over their facial recognition information." EPIC is pursuing a lawsuit to uncover documents about the CBP Entry-Exit program. In comments to the agency and Congress, EPIC explained that the agency unfairly burden travelers who exercise their rights to opt-out of biometric identification. EPIC has recently launched a global campaign, calling for a moratorium on the use of facial recognition for mass surveillance.

Posted by EPIC on December 4, 2019 12:25 PM | Permalink

Senators Demand Answers on Algorithmic Bias in Healthcare

Senators Cory Booker (D-NJ) and Ron Wyden (D-OR) sent letters to health insurance companies and two government agencies (the FTC and Centers for Medicare and Medicaid Services) asking how they're addressing bias in health care algorithms. The Senators wrote: "Unfortunately, both the people who design these complex systems, and the massive sets of data that are used, have many historical and human biases built in. Without very careful consideration, the algorithms they subsequently create can further perpetuate those very biases." Booker and Wyden recently introduced the Algorithmic Accountability Act, which would direct businesses to correct discriminatory algorithms. EPIC has promoted Algorithmic Transparency, supported the Universal Guidelines for AI, and published the first reference book on AI policy.

Tags:

algorithmic transparency

Posted by EPIC on December 4, 2019 1:50 PM | Permalink

Facebook Asks Supreme Court to Review Face Scan Decision

Facebook has filed a petition asking the Supreme Court to review a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance.

Tags:

Posted by EPIC on December 5, 2019 4:35 PM | Permalink

CBP Drops Airport Face Scanning Proposal

Customs and Border Protection has removed its proposal to require U.S. citizens to undergo mandatory face recognition at airports, following widespread protest. Currently, only foreign nationals are required to undergo facial screening at airports. According to a CBP spokesperson, the agency has "no current plans to require U.S. citizens to provide photographs upon entry and exit from the United States," and that it "intends to have the planned regulatory action...removed from the unified agenda next time its published." Senator Ed Markey previously blasted CBP's proposal. After CBP reversed its proposed plan, Senator Markey stated "we cannot take our right to privacy for granted. Americans still need protection from facial recognition technology..." and that the planned to introduce legislation to ban biometric surveillance. EPIC is pursuing a lawsuit to uncover documents about the opt-out procedures in CBP's Biometric Entry-Exit program. Congress has explained to Congress and the agency that its Biometric Entry-Exit program unfairly burdens travelers exercising their rights to opt-out of biometric identification. EPIC recently launched a global campaign calling for a moratorium on the use of face recognition for mass surveillance.

Tags:

Posted by EPIC on December 5, 2019 6:55 PM | Permalink

EPIC Backs Strong Implementation of California Privacy Law

In comments to the California Attorney General on proposed regulations to the California Consumer Privacy Act, EPIC backed provisions that would strength consumer protections and identified topics for future action, such as the creation of data protection agency. EPIC's comments followed from its recent report on federal privacy legislation, Grading on a Curve: Privacy Legislation in the 116th Congress. EPIC has long supported state efforts to establish strong privacy safeguards, and opposed federal preemption. EPIC's State Policy Project provides expertise to the states to help shape effective privacy laws.

Continue reading "EPIC Backs Strong Implementation of California Privacy Law" »

Tags:

Posted by Caitriona Fitzgerald on December 6, 2019 5:33 PM | Permalink

FTC Announces Non-Penalty in Cambridge Analytica Case

The FTC issued a press release today about Cambridge Analytica, the company blamed for the Brexit vote that harvested the personal data of 87 m Facebook users for voter profiling and tracking. The misuse of personal data occurred while Facebook was under a consent order and subject to the supervision of the FTC. EPIC urged the FTC to reopen the investigation of Facebook after news of the Cambridge Analytica breach in early 2018. More than 18 months after the scandal broke, the FTC found that Cambridge Analytica, a company now bankrupt, deceived consumers through its data-gathering practices. EPIC previously told Congress that the Cambridge Analytica scandal could have been avoided if the FTC had enforced its own Consent Order.

Tags:

Posted by Caitriona Fitzgerald on December 7, 2019 11:32 AM | Permalink

EPIC to Congress: Strong Encryption Keeps Our Nation Secure

In advance of a hearing on "Encryption on Lawful Access," EPIC wrote to the Senate Judiciary Committee "now is not the time to undermine the systems that we all rely upon to secure our data and communications." EPIC cited growing problems of data breach and cyber attack. Leading computer scientists and security experts, including members of the EPIC Advisory Board, have found that proposals to add "backdoors" for law enforcement are "unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm." EPIC previously filed an amicus brief in Apple v. FBI in support of robust security safeguards for cellphone users. EPIC argued that the "security features in dispute in this case were adopted to protect consumers from crime." EPIC explained that an order to compel Apple to take extraordinary measures to undo these features places at risk millions of cell phone users across the United States. EPIC President Marc Rotenberg warned of the risk of NSA-mandated backdoors in a 1990 article, "The Only Locksmith in Town."

Tags:

Posted by EPIC on December 10, 2019 9:45 AM | Permalink

EPIC to Congress: End Section 215 Surveillance Program

In advance of a hearing on the Foreign Intelligence Surveillance Act, EPIC has sent a statement to the Senate Judiciary Committee urging Congress to end the NSA's phone record collection program, known as "Section 215." EPIC wrote "events of the past few years make clear that Section 215 should not be renewed." Section 215 of the Patriot Act allowed the NSA to collect the telephone records of Americans. In 2013, following the Snowden disclosures, EPIC filed a petition with the Supreme Court, challenging the lawfulness of Section 215. Congress found the 215 program was ineffective and passed the USA Freedom Act to limit data collection. NSA has since acknowledged significant compliance problems. The former Director of National Intelligence also confirmed that the program was suspended. Section 215 will sunset unless Congress chooses to reauthorize the program.

Tags:

Section 215

Posted by EPIC on December 10, 2019 5:30 PM | Permalink

Max Schrems Files GDPR Complaints with French Data Protection Agency

European privacy advocacy group None of Your Business—led by Max Schrems—filed three complaints with the French Data Protection Authority (CNIL). The NOYB complaints charged that companies obtained "fake consent" for online tracking. Max and EPIC have challenged the use of "standard contractual clauses" in a case now before the European Court of Justice, known as "Schrems 2.0". A preliminary decision in that case is expected on December 19. Schrems met with the Privacy Coalition last month in Washington, DC to discuss the GDPR and litigation strategies.

Tags:

GDPR
Schrems

Posted by EPIC on December 10, 2019 5:40 PM | Permalink

Court Sets December Hearing Date in EPIC Case for Release of Mueller Report

A federal court has set a December 18 hearing in EPIC v. DOJ to decide whether the Department of Justice must reprocess the Mueller Report and disclose additional material to EPIC. Earlier in the day, EPIC notified the court that Roger Stone’s criminal trial had ended and that the DOJ had disclosed extensive new details about Stone during the trial. As a result, EPIC is entitled to the disclosure of additional information from the Mueller Report about Stone and his interactions with Wikileaks. The court is also expected to rule soon on EPIC’s motion to disclose the complete, unredacted Report. The book EPIC v. DOJ: The Mueller Report is available for purchase at the EPIC Bookstore.

Tags:

Democracy and Cybersecurity

Posted by John Davisson on December 10, 2019 5:57 PM | Permalink

BREAKING: Court Orders FTC and Facebook to Reply to EPIC’s Brief

Today the U.S. District Court for the District of Columbia ordered both Facebook and the FTC to file replies to EPIC's amicus brief and sur-replies to EPIC's motion to intervene in United States v. Facebook. The case concerns the proposed settlement between the FTC and Facebook for violations of consumer privacy. EPIC argued, "This Court should not adopt the proposed Consent Decree because the parties have not established that it would be fair, adequate, reasonable, appropriate, or consistent with the public interest.” EPIC explained that the proposed settlement “largely mirrors the preexisting Consent Order from 2012. There are few new obligations on the company that would limit the collection and use of personal data, nor will there be any significant changes in business practices.” EPIC noted, the "Commission also seems entirely unconcerned by Facebook’s planned integration of the personal data of WhatsApp users even though this would violate representations both firms previously made to the Commission.” Through a Freedom of Information Act Request, EPIC has uncovered more than 29,000 complaints against Facebook currently pending at the Commission.

Tags:

Facebook
FTC

Posted by Caitriona Fitzgerald on December 10, 2019 7:01 PM | Permalink

EPIC Advises FTC to Strengthen the COPPA Rule to Protect Student Privacy

EPIC today submitted comments to the FTC on the agency's regulatory review of the Children's Online Privacy Protection Act (COPPA) Rules. EPIC said the FTC should : (1) maintain the strong safeguards for children's data, (2) reject the "school official exception", (3) the FTC define the term "commercial purpose" and ensure that children's personal data collected in schools is not transferred to EdTech companies; and (4) the FTC require notification within forty-eights of a data breach of children's data by a company subject to COPPA. EPIC said "the FTC must now establish clear safeguards for children's data gathered in schools." EPIC testified before Congress in 1996 in support of the original children's privacy law. The FTC previously considered EPIC's recommendations in an early review of the COPPA Rule and incorporated several of EPIC's recommendations in the 2013 regulations.

Tags:

Posted by EPIC on December 11, 2019 4:25 PM | Permalink

Documents Obtained by EPIC show Idaho's Use of Subjective Categories in Calculating Risk

In response to EPIC's Public Record Request, the Idaho Department of Correction released several documents about its risk assessment instrument, the "Level of Service Inventory-Revised" (LSI-R). Revealed in an annotated scoresheet that informs the LSI-R's calculation, the Idaho Department of Corrections uses several subjective categories to calculate an offender's risk and recidivism rate--including information about the alleged criminality of a defendant's social network, participation in leisurely activity, and mental health. EPIC also obtained a detailed scoring guide, LSI-R training materials, validation studies, and contract details. Only two validation studies were produced, and they were thirteen years apart. EPIC has obtained documents about pre-trial risk assessments as well as a scoring system developed by the DHS to assign risk assessments to travelers, including US citizens. EPIC has urged government agencies to make transparent algorithmic-based decision making.

Tags:

algorithmic transparency

Posted by EPIC on December 11, 2019 5:05 PM | Permalink

New Report Recommends Privacy Law, Data Protection Agency for US

The Transatlantic Consumer Dialogue (TACD) and the Heinrich Boll Stiftung Foundation published a new report on the privacy practices of Amazon, Netflix, and Spotify in the EU and the US. "Privacy in the EU and US: Consumer experiences across three global platforms" revealed that the companies provided less protection to US users, and that none of the companies complied fully with GDPR. The report recommends "baseline federal data protection and privacy law that does not pre-empt stronger state privacy protections and that creates an independent data protection agency." EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency.

Tags:

Posted by EPIC on December 12, 2019 5:00 PM | Permalink

ICANN Responds Somewhat to Concerns About .ORG

Following widespread protest over the proposed sale of the .ORG domain by the Public Interest Registry to a private equity fund, ICANN posted a response. In a blog post, the ICANN CEO and Board Chair acknowledged that "PIR must obtain ICANN's prior approval before any transaction that would result in a change of control of the registry operator." ICANN further stated that it sent a letter to both ISOC and PIR, "asking them to please be clear and open in all of their communications." EPIC President Marc Rotenberg, a founding board member and former chair of PIR, said that the secrecy of the deal was "a failure of process." He told the Financial Times "You can't make decisions about the allocation of internet domain names in the dark." In a recent commentary for The Hill, Rotenberg said that ICANN should block the sale. Prior to establishing PIR, EPIC launched The Public Voice project to promote civil society participation in decisions concerning the future of the Internet.

Posted by EPIC on December 13, 2019 5:35 PM | Permalink

Supreme Court to Hear Disputes About Release of Trump's Tax Returns

The U.S. Supreme Court announced that it will consider President Trump's appeals to block subpoenas by Congressional committees and the Manhattan District attorney for his financial records, including tax returns.The Second Circuit rejected the President's attempt to block a grand jury subpoena, finding "no support" for the argument "that a President's private and non‐privileged documents may be absolutely shielded from judicial scrutiny." EPIC previously sought public release of President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President. In EPIC v. IRS II, EPIC is currently seeking "offers-in-compromise" and related tax records of President Trump and his businesses.

Tags:

Posted by EPIC on December 13, 2019 6:00 PM | Permalink

EPIC Petitions Supreme Court to Obtain Privacy Impact Assessments from Census Bureau

Today EPIC petitioned the U.S. Supreme Court to review the D.C. Circuit decision in EPIC v. Commerce, which denied EPIC the right to obtain privacy impact assessments that the Census Bureau was required to publish before adding the citizenship question to the 2020 Census. EPIC told the Court that the lower court decision conflicts with earlier Supreme Court opinions and creates obstacles to public access to privacy impact assessments that Congress never intended. EPIC warned the Court that the decision makes the impact assessment obligation "essentially unenforceable." Earlier this year, the Supreme Court's decision in Commerce v. New York led to the removal of the citizenship question from the 2020 Census. EPIC filed an amicus brief in support of that outcome.

Tags:

Posted by EPIC on December 16, 2019 5:05 PM | Permalink

Court Seeks Amicus Briefs in FTC-Facebook Settlement

An order from a federal court in Washington, DC creates an opportunity for groups and individuals to file amicus briefs about the proposed FTC settlement with Facebook. The proposed settlement concerns violations of consumer privacy and the adequacy of the settlement. EPIC argued, "This Court should not adopt the proposed Consent Decree because the parties have not established that it would be fair, adequate, reasonable, appropriate, or consistent with the public interest." EPIC explained that the proposed settlement "largely mirrors the preexisting Consent Order from 2012. There are few new obligations on the company that would limit the collection and use of personal data, nor will there be any significant changes in business practices." EPIC asked the court to provide an opportunity for others to file amicus briefs. The deadline for motions is December 17, 2019.

Tags:

Facebook
FTC

Posted by EPIC on December 16, 2019 5:15 PM | Permalink

FTC May Block Facebook Integration of WhatsApp User Data

According to recent news reports, the FTC may pursue an injunction against Facebook to prevent the integration of WhatsApp and Instagram user data. Analysts noted that integration would make it more difficult to break up the company if required by a subsequent antitrust review. When Facebook proposed to acquire WhatsApp in 2014, EPIC filed a complaint with the FTC advising the agency to block the sale unless adequate privacy safeguards were established for WhatsApp user data.The FTC wrote in response "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook." The European Commission fined Facebook 122 million dollars in 2017 for misleading statements about the integration of the data sets. In a recent filing with a federal court, EPIC wrote "the Commission also seems entirely unconcerned by Facebook's planned integration of the personal data of WhatsApp users even though this would violate representations both firms previously made to the Commission."

Tags:

Posted by EPIC on December 17, 2019 10:40 AM | Permalink

Inspector General's Report Highlights Need for FISA Reforms

The Inspector General's review of FISA applications for the FBI's investigation into Russian interference in the 2016 Presidential Election raises new concerns about the use of the surveillance authority. The Inspector General concluded that the FBI investigation was properly predicated and there was no evidence of political bias or improper motivation. However, the IG Report also detailed significant misrepresentations and errors made in the investigation designated "Crossfire Hurricane." The Report found that "FBI personnel fell far short of the requirement in FBI policy that they ensure that all factual statements in a FISA application are 'scrupulously accurate.'" EPIC has advocated for significant FISA reforms for more than a decade, and recently advised Congress to reform Section 702 of FISA and to sunset Section 215 of the Patriot Act.

Tags:

Posted by EPIC on December 17, 2019 1:15 PM | Permalink

EPIC, Coalition Issue Warning About Amazon Ring

EPIC and a coalition of organizations led by Fight for the Future issued a product warning for Amazon Ring devices, the neighborhood surveillance system posing as a doorbell. The Ring devices have been hacked to initiate conversations with children, leaked user WiFi passwords, assisted ICE with deportations, and used in racially discriminatory profiling. Five prominent Senators have demanded that Amazon provide information about Ring's facial recognition techniques. EPIC has recently launched a campaign to Ban Face Surveillance worldwide.

Tags:

facial recognition

Posted by EPIC on December 17, 2019 5:00 PM | Permalink

Mary Stone Ross Joins EPIC

Mary Stone Ross, former President of Californians for Consumer Privacy, will join the Electronic Privacy Information Center (EPIC) as Associate Director in January 2020. Ross led the most successful privacy campaign in US history gathering 600,000 signatures for a California ballot initiative. That campaign led to enactment of the California Consumer Privacy Act, the most comprehensive consumer privacy law in the United States. The CCPA goes into effect January 1, 2020. EPIC President Marc Rotenberg said, "We are thrilled that Mary is joining EPIC. She brings to EPIC a powerful combination of deep policy expertise, effective grassroots engagement, and concrete legislative results that have benefitted consumers across the country." Press release.

Posted by EPIC on December 17, 2019 5:10 PM | Permalink

EPIC Pursues Release of Location Tracking Orders

EPIC has moved for summary judgment in EPIC v. DOJ, concerning law enforcement's collection of cell site location data through "§ 2703(d) orders." In Carpenter v. United States, the Supreme Court ruled that these searches were unconstitutional. EPIC filed multiple Freedom of Information Act requests to obtain the government orders issued between 2016 and 2019. However, the DOJ claimed that it "does not track" the information EPIC sought and refused to search for records. EPIC explained to the Court that the DOJ has not satisfied its obligations under the FOIA. EPIC also charged that the agency has engaged in "an unlawful pattern and practice" of refusing to search files even when it could do so. EPIC stated that "This unlawful agency practice impacts EPIC and all other requesters who would seek disclosure of records" at the Department of Justice. The case is EPIC v. DOJ, No, 18-1814 (D.D.C.).

Tags:

Posted by EPIC on December 17, 2019 5:30 PM | Permalink

FTC Fails to Improve Unrollme Settlement

Today the FTC finalized a settlement with Unrollme without making changes, as EPIC had urged. Unrollme is an email management company that "falsely told consumers that it would not 'touch' their personal emails in order to persuade consumers to provide access to their email accounts." The FTC required the company to delete personal data it had unlawfully obtained. EPIC further advised the FTC to require Unrollme to notify all users of past deceptive practices and to obtain reauthorization from users before using personal data. The FTC declined to adopt EPIC's recommendations. The agency responded to EPIC that "the Commission has now determined that the public interest would best be served by issuing the Complaint and the Decision and Order in the above-entitled proceeding in final form without any modifications." EPIC routinely comments on proposed FTC settlements in accordance with a provision that requires the agency to seek public comment before finalizing any proposed settlements.

Posted by EPIC on December 17, 2019 5:40 PM | Permalink

Facebook Admits to Location Tracking, Ignoring Privacy Settings

Facebook has admitted that it can determine a user's location even after the user has disabled location services. The statement came in response to a letter from Sens. Josh Hawley (R-Mo.) and Chris Coons (D-Del.). Sen. Hawley tweeted: "There is no opting out. No control over your personal information. That's Big Tech. And that's why Congress needs to take action." The FTC's 2011 consent order with Facebook, followed EPIC's 2009 complaint which established that Facebook ignores user privacy settings. EPIC is challenging the proposed 2019 settlement in part because it does not fix the location tracking problem. A federal court has ordered both Facebook and the FTC to file replies to EPIC. In a related matter, an EPIC case required Accuweather to end surreptitious tracking of users.

Tags:

Posted by EPIC on December 17, 2019 6:20 PM | Permalink

EPIC FOIA - Kavanaugh Drafted White House Speeches on Warrantless Wiretapping

Emails obtained by EPIC in a FOIA lawsuit show that now Justice Kavanaugh, as a top White House advisor, drafted several speeches defending warrantless wiretapping after the New York Times exposed the controversial program in 2005. EPIC has created an index of the email subject lines to illustrate Kavanaugh's role in President Bush's 2006 State of the Union, former Attorney General Gonzales' January 2006 speech at Georgetown Law, and speeches promoting border surveillance. Kavanaugh was particularly involved in revising a paragraph on the NSA program in the 2006 State of the Union. Documents previously obtained by EPIC revealed that Kavanaugh exchanged hundreds of emails with White House and DOJ staff about the NSA surveillance program and gathered legal justifications for the program. Congress ended the controversial program in 2015, following extensive hearings. On the DC Circuit Court of Appeals in 2015, Judge Kavanaugh issued a surprising opinion on surveillance authority. Senator Leahy pursued Kavanaugh's views on surveillance during the Supreme Court nomination hearing.

Tags:

Posted by EPIC on December 18, 2019 1:50 PM | Permalink

Poll: Strong Public Support for Privacy Legislation in 2020

A new poll of registered voters found that 79% of Americans believe that Congress should enact privacy legislation and 65% of voters said data privacy is "one of the biggest issues our society faces." The Morning Consult poll found bipartisan consensus: 83% of Democrats and 82% of Republicans said that privacy legislation should be an important or top priority for Congress. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency.

Tags:

Public Opinion

Posted by EPIC on December 19, 2019 11:55 AM | Permalink

EU Advocate General Backs Data Transfers, Criticizes Privacy Shield

Today the EU Advocate General issued an advisory opinion in "Schrems 2.0," a case about Facebook’s transfer of personal data to the United States. The Advocate General backed data transfers generally but sharply criticized the EU-US Privacy Shield agreement. The Advocate also said that data protection authorities must enforce privacy obligations. The Advocate General cited EPIC's expert submissions in the case concerning the adequacy of US privacy law. The case follows the European Court's landmark decision in Schrems v. DPC striking down the "Safe Harbor" arrangement. The European Court of Justice is expected to issue a binding opinion in the next few months. After the original Schrems opinion, EPIC testified in Congress. EPIC's Marc Rotenberg urged Congress to "modernize" US privacy law and also establish an independent privacy agency.

Tags:

Posted by EPIC on December 19, 2019 1:55 PM | Permalink

Intelligence Court Rebukes FBI

The Foreign Intelligence Surveillance Court this week criticized the FBI for misleading judges, following a scathing report from the Inspector General. In a rare public order, the Court explained that the Bureau's representations were "antithetical to the heightened duty of candor" that the government must satisfy in surveillance applications. Presiding Judge Collyer wrote, "The frequency with which representations made by F.B.I. personnel turned out to be unsupported or contradicted by information in their possession, and with which they withheld information detrimental to their case, calls into question whether information contained in other F.B.I. applications is reliable." The Court ordered the FBI to propose new procedures by January 10, 2020. EPIC has advocated for significant FISA reforms for almost 20 years, and recently advised Congress to limit Section 702 of FISA and to sunset Section 215 of the Patriot Act.

Tags:

FISA

Posted by EPIC on December 19, 2019 5:50 PM | Permalink

NIST Study Finds Extensive Bias in Face Surveillance Technology

The National Institute of Science and Technology study of Face Recognition Software found that false positives are up to 100 times more likely for Asian and African American faces when compared to White faces. NIST examined 189 software algorithms from 99 developers, a "majority of the industry," according to the federal agency. The highest rates of false positives were found for African American females — which NIST says is "particularly important because the consequences could include false accusations." EPIC has called for a global moratorium on the use of Face Surveillance technology. The Public Voice declaration in support of the moratorium has been endorsed by over 100 organizations and 1000 individuals in more than 40 countries.

Tags:

facial recognition

Posted by EPIC on December 20, 2019 4:30 PM | Permalink

Court Orders Further Briefing in EPIC v. AI Commission

A federal court has ordered the National Security Commission on Artificial Intelligence to respond to EPIC's arguments that the Commission is violating a federal law requiring advisory committees to operate transparently. During a hearing in EPIC v. AI Commission, Judge Trevor N. McFadden ordered the parties to file briefs concerning the Commission's obligation to hold open meetings and publish its records. The court has already ruled that the AI Commission must comply with EPIC's Freedom of Information Act request. In the same hearing, the government stated that the Defense Department will disclose records about the AI Commission in the next 4-6 weeks. The Commission, which is tasked with developing U.S. AI policy, recently released a report to Congress criticizing the EU General Data Protection Regulation and calling for greater "government access to data on Americans."

Tags:

Posted by EPIC on December 20, 2019 4:40 PM | Permalink

DOD Advises Military Personnel to Avoid DNA Home Test Kits, Citing Privacy

The Department of Defense is warning military personnel against using home DNA test kits, citing the privacy risks that the tests pose. “These [direct-to-consumer] genetic tests are largely unregulated and could expose personal and genetic information,” reads a DOD memo circulated to servicemembers. “Moreover, there is increased concern in the scientific community that outside parties are exploiting the use of genetic data for questionable purposes, including mass surveillance and the ability to track individuals without their authorization or awareness.” DNA profiles contain sensitive personal data that can impact employment decisions, insurance availability, and criminal justice outcomes. EPIC’s Marc Rotenberg spoke recently with C-Span Washington Journal about the privacy risks of DNA kits. EPIC has backed privacy safeguards for genetic data in comments to federal agencies and amicus briefs for the US Supreme Court.

Tags:

Posted by Caitriona Fitzgerald on December 31, 2019 10:27 AM | Permalink

Following EPIC's Recommendations, FAA Launches Rulemaking for Remote Drone ID

Five years after EPIC first recommended that the Federal Aviation Administration establish drone identification rules "similar to the Automated Identification System for commercial vessels,” the Federal Aviation Administration has proposed regulations that would require nearly all drones in U.S. airspace to be remotely identifiable. Drones would be required to transmit their location and identification details to an online FAA tracking system. Drones flying more than 400 feet from their operators would also be required to broadcast location and ID to surrounding areas. In 2015, EPIC wrote “Drones should be required to broadcast their registration information to allow members of the public and law enforcement officials to easily identify the operator and responsible party.” EPIC further stated any drone operating in the national airspace system include a mandatory GPS tracking feature that would always broadcast the location of a drone when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information.” The European Union’s drone regulations incorporate these recommendations. Comments on the FAA proposed rule are due March 2, 2020.

Tags:

Posted by Caitriona Fitzgerald on December 31, 2019 10:31 AM | Permalink