« April 2020 | Main | June 2020 »

May 2020 Archives

May 1, 2020

ICANN Blocks .ORG Sale to Private Equity Firm

ICANN has blocked the proposed sale of the .ORG domain to a private equity fund. ICANN cited the importance of maintaining the “fundamental public interest nature of [the Public Interest Registry].” EPIC has long been involved in the governance and promotion of the .ORG domain and had argued that the sale should be blocked.

Tags:

Posted by Caitriona Fitzgerald on May 1, 2020 10:04 AM |

Senators to Introduce COVID-19 Data Protection Bill

A group of four senators has announced plans to introduce the COVID-19 Consumer Data Protection Act, a bill which would regulate businesses’ collection and use of personal health and location data in connection with the COVID-19 pandemic. The bill would require companies to obtain “affirmative express consent” before collecting personal data, to disclose details about how personal data will be used, to satisfy data minimization and security requirements, and to allow consumers to opt out. Businesses would also be required to “delete or de-identify all personally identifiable information” when it is no longer needed for the COVID-19 crisis. The bill—sponsored by Senators Roger Wicker, John Thune, Jerry Moran, and Marsha Blackburn—charges the Federal Trade Commission with enforcement. EPIC recently told Congress that “privacy and public health are complimentary goals” and that "Privacy Enhancing Techniques can be deployed to serve the public interest and protect individuals." EPIC’s report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law, including the creation of a Data Protection Agency and room for states to enact stronger privacy laws.

Tags:

Posted by John Davisson on May 1, 2020 10:49 AM |

Massachusetts Governor: State Will Not Adopt Digital Contact Tracing Without Privacy Protections

Massachusetts Governor Charlie Baker (R) expressed skepticism about digital contact tracing yesterday in a press conference, saying in response to a reporter’s question about the apps: “That means if we incorporate something like the types of technology you’re talking about into this, we’re going to have to do it in a way that makes people feel comfortable that they’re not giving up some of their privacy and confidentiality because we incorporated an electronic app into the process.” Massachusetts has led the country in quickly building a workforce to perform manual contact tracing in partnership with Partners in Health. For digital contact tracing techniques, EPIC recently recommended that "(1) participation should be lawful and voluntary; (2) there should be minimal collection of personally identifiable information; (3) the system should be robust, scalable, and provable; and (4) the system should only be operated during the pandemic emergency."

Tags:

Posted by Caitriona Fitzgerald on May 1, 2020 11:46 AM |

May 5, 2020

Pew Survey: Use of Location Data to Enforce Social Distancing 'Unacceptable'

A new Pew Research survey found about 62% of Americans believe it is unacceptable for the government to use location data to ensure compliance with social distancing guidelines. The Pew survey results are based on a nationally representative panel of randomly selected U.S. adults. EPIC has urged that the use of technology to combat COVID-19 must be lawful and voluntary. Last year, Pew found that 75% of Americans say there should be new regulations of what companies may do with personal data. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency.

Tags:

Posted by Caitriona Fitzgerald on May 5, 2020 11:27 AM |

May 6, 2020

EPIC, Coalition To White House: Set Privacy Standards for COVID-19 Data and Technology Uses

EPIC and 14 other consumer, privacy, civil and digital rights organizations sent a letter to Coronavirus Task Force leader Vice President Mike Pence urging the federal government to set guidelines that protect privacy and ensure equity in responding to the COVID-19 pandemic. The group stated, “[t]he proper use of technology, personal and aggregate data, and data analytics has the potential to provide important public health benefits, but it must incorporate proper privacy and security safeguards, as well as protections against discrimination and violations of civil and other rights.” The group also raised concerns about public-private partnerships that utilize technology to respond to COVID-19 without the necessary privacy safeguards. The letter outlines 11 principles that form the basis for standards that the government and private sector can follow and asked Vice President Pence for a meeting to discuss their concerns. The group also asked that the Coronavirus Task Force immediately create an interdisciplinary advisory committee comprised of experts from privacy, social science, data security, public health, and members of civil society to develop standards. To Congress, EPIC has said that it is "essential that government agencies and private companies implement standards that safeguard privacy.”

Tags:

Posted by Caitriona Fitzgerald on May 6, 2020 10:18 AM |

AI Commission Calls for Privacy, Civil Liberties Safeguards on COVID-19 Contact Tracing

The National Security Commission on Artificial Intelligence has released a set of privacy and civil liberties recommendations concerning digital contract tracing during the COVID-19 pandemic. The Commission urged that contact tracing tools must include data minimization, transparency, explicit user consent, and input from privacy and security professionals. The Commission also warned that contract tracing systems must address "challenges with inclusiveness and potential discrimination." The Commission advised Congress to establish technological standards and to require the Federal Trade Commission to regulate the technology. Since January, the Commission has released hundreds of pages of documents as part of the open government lawsuit EPIC v. AI Commission. EPIC is also litigating to enforce the Commission's obligation to hold open meetings.

Tags:

Posted by EPIC on May 6, 2020 3:35 PM |

Supreme Court Hears Oral Argument in Robocall Ban Case

Earlier today, the U.S. Supreme Court heard oral argument in Barr v. American Association of Political Consultants. The argument was livestreamed, with EPIC staff providing commentary on Twitter. The case asks whether an exemption to the Telephone Consumer Protection Act, a law that prohibits unwanted robocalls, is constitutional, and, if not, whether the exemption should be severed or the whole law struck down. EPIC defended the TCPA in an amicus brief. EPIC said that the robocall ban is "constitutionally permissible and serves important governmental interests." EPIC explained that cell phone adoption has made "the harm caused by unwanted automated calls" greater than when the robocall ban was enacted in 1991. EPIC said that "without the autodialer ban, the assault of unwanted calls could make cell phones unusable." EPIC also argued that "a minor amendment to an otherwise constitutional law, passed decades after the original enactment, should not take down an act of Congress." EPIC frequently files amicus briefs on the TCPA, including in the related case, Gallion v. Charter Communications.

Tags:

Posted by EPIC on May 6, 2020 4:55 PM |

May 8, 2020

Senators Call on FTC to Investigate Ed Tech, Advertising Aimed at Children

A bipartisan group of Senators has urged the Federal Trade Commission to launch an investigation into children's data practices in the educational technology and digital advertising sectors. In a letter to the FTC, Senators Edward Markey (D-Mass.), Josh Hawley (R-Mo.), Richard Blumenthal (D-Conn.), Bill Cassidy (R-La.), Dick Durbin (D-Ill.), and Marsha Blackburn (R-Tenn.) said "The FTC should use its investigatory powers to better understand commercial entities that engage in online advertising to children—especially how those commercial entities are shifting their marketing strategies in response to the Coronavirus pandemic and increased screen time among children." In December 2019, EPIC submitted comments to the FTC on the agency's regulatory review of the Children's Online Privacy Protection Act (COPPA) Rules. EPIC said the FTC should : (1) maintain the strong safeguards for children's data, (2) reject the "school official exception", (3) the FTC define the term "commercial purpose" and ensure that children's personal data collected in schools is not transferred to EdTech companies; and (4) the FTC require notification within forty-eight hours of a data breach of children's data by a company subject to COPPA.

Tags:

Posted by Caitriona Fitzgerald on May 8, 2020 11:08 AM |

Under Scrutiny, Clearview Plans to Cancel Accounts With Private Companies

In response to a lawsuit brought under the Illinois Biometric Information Privacy Act, Clearview AI—the controversial facial recognition company—committed to cancelling all accounts with private companies. The commitment comes as Clearview AI tries to stave off a temporary injunction that would prevent the company from using any information it has collected from Illinois residents. In an amicus brief before the ninth circuit, EPIC defended an individual's right to sue companies who violate the Illinois Biometric Information Privacy Act and other privacy laws. More recently, EPIC filed a Freedom of Information Act request to several government agencies seeking records about the government's use of Clearview AI technology. Earlier this year, EPIC and over 40 organizations urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

Posted by EPIC on May 8, 2020 12:15 PM |

New York AG Reaches Agreement with Zoom over Privacy Violations

New York Attorney General Letitia James has announced an agreement with Zoom Video Communications following an investigation into Zoom's consumer safeguards. Zoom agreed to enhance encryption protocols, perform yearly penetration testing, and add privacy-enhancing features to its platform. The agreement also provides enhanced privacy controls for education accounts. Last month, EPIC urged the FTC to issue best practices for online conferencing.

Tags:

Posted by Caitriona Fitzgerald on May 8, 2020 2:27 PM |

May 11, 2020

U.S. Government Agencies Warn That Internet Voting Poses Significant Security Risk

The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the Election Assistance Commission, and the National Institute of Standards and Technology has sent a risk assessment to states warning of the “significant security risk” of online voting. “While there are effective risk management controls to enable electronic ballot delivery and marking,” the agencies said, “we recommend paper ballot return as electronic ballot return technologies are high-risk even with controls in place.” EPIC has a long history of working to protect voter privacy and election integrity. In 2016 EPIC published The Secret Ballot at Risk: Recommendations for Protecting Democracy, a report highlighting the right to a secret ballot and how Internet voting threatens voter privacy.

Tags:

Posted by Caitriona Fitzgerald on May 11, 2020 2:40 PM |

May 12, 2020

Supreme Court to Hear Arguments in Case for Disclosure of Trump Tax Returns

The Supreme Court will hear arguments Tuesday morning in Trump v. Vance, a case concerning the release of President Trump's tax returns to a grand jury. EPIC filed an amicus brief in the case supporting disclosure. EPIC explained that President Trump broke with 40 years of precedent by concealing his tax records, even as he sought to collect sensitive voter and citizenship data from the public. "This is inverted liberty: privacy for the President and compelled disclosure of personal data for the public," EPIC argued. "That is antithetical to the structure and practice of modern democracies which safeguard the privacy of citizens and impose transparency obligations on political leaders, most notably the President." EPIC previously sought public release of President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President. In EPIC v. IRS II, EPIC is seeking "offers-in-compromise" and related tax records of President Trump and his businesses.

Tags:

Posted by EPIC on May 12, 2020 10:25 AM |

EPIC to Argue for Disclosure of FAA Drone Committee Records

EPIC Counsel John Davisson will argue before the D.C. Circuit Court of Appeals Tuesday morning in EPIC's open government case against the FAA Drone Advisory Committee. The argument is scheduled to begin around 10 a.m. EPIC filed suit in 2018 against the industry-dominated committee, which largely ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the committee was forced to disclose hundreds of pages of records. But a lower court ruled that the agency could withhold records from the committee's secretive working groups. EPIC recently told the Court of Appeals that the FAA's interpretation of the Federal Advisory Committee Act would undermine the open meetings law. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.).

Tags:

Posted by EPIC on May 12, 2020 10:30 AM |

May 13, 2020

EPIC Settles FOIA Case Regarding DHS Drone Reports

EPIC settled a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain public release of a drone status report and other related documents required by a 2015 Presidential Memorandum. The memorandum required the report to detail the status of implementing privacy, civil liberties, and civil rights protections against DHS' use of surveillance drones. The 2015 DHS status report attempted to justify the use of drones by Customs and Border Protection, but a 2018 Inspector General report called into question the CBP's drone privacy policies and procedures. The Inspector General found that CBP failed to complete a required analysis for a drone surveillance system and failed to implement effective safeguards for information collected by drones. EPIC has called on Congress to "establish drone privacy safeguards that limit the risk of public surveillance."

Tags:

Posted by EPIC on May 13, 2020 10:25 AM |

May 14, 2020

Groups Tell FTC to Investigate TikTok’s Failure to Protect Children’s Privacy

EPIC and coalition of child advocacy, consumer, and privacy groups today filed a complaint urging the Federal Trade Commission to investigate and penalize TikTok for violating the Children's Online Privacy Protection Act. TikTok paid a $5.7 million fine for violating the children's privacy law last year. But more than a year later, TikTok has failed to delete personal information previously collected from children and is still collecting kids’ personal information without notice to and consent of parents. The groups were led by the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy.

Tags:

Posted by Caitriona Fitzgerald on May 14, 2020 2:41 PM |

Public Health Emergency Privacy Act Introduced

Representatives Anna G. Eshoo (CA-18), Jan Schakowsky (IL-09), Suzan DelBene (WA-01), and U.S. Senators Richard Blumenthal (D-CT), and Mark Warner (D-VA) today today introduced the Public Health Emergency Privacy Act. The bill would protect personal data collected in connection with COVID-19 from being used for non-public health purposes, and provides for both public and private enforcement. “The Public Health Emergency Privacy Act shows that privacy and public health are complementary goals. The bill requires companies to limit the collection of health data to only what is necessary for public health purposes, and crucially, holds companies accountable if they fail to do so,” said Caitriona Fitzgerald, EPIC Interim Associate Director and Policy Director.

Tags:

Posted by Caitriona Fitzgerald on May 14, 2020 4:12 PM |

EPIC Seeks Records About Utah and North Dakota's Contact Tracing Apps

EPIC has filed two government records requests to Utah and North Dakota seeking information about their contact tracing apps launched in response to the COVID-19 pandemic. Utah launched Healthy Together, an app that tracks individual movements using Bluetooth and location tracking services. North Dakota similarly launched its own contact tracing app called Care19, which collects GPS location data, WiFi data, and cell phone tower data to track an individual's movements over time. Both Utah and North Dakota claim that the use of the apps are voluntary and that users can delete the sensitive data collected. But neither state has disclosed any privacy assessments or independent audits conducted on the apps. On the federal level, EPIC is pursuing a Freedom of Information Act request with the Department of Justice seeking DOJ legal analysis about the collect of GPS and cell phone location data. EPIC has also told Congress that government agencies and private companies must establish privacy safeguards for digital contact tracing.

Tags:

Posted by EPIC on May 14, 2020 5:00 PM |

May 15, 2020

Senate Amends FISA Reauthorization Bill, Sends Back to the House

The Senate voted today to pass an amended version of the USA FREEDOM Reauthorization Act of 2020, which was passed by the House in March. The bill would end the NSA’s bulk telephone metadata program and make further reforms to the Foreign Intelligence Surveillance Act. The Senate agreed this week to further amendments by Senators Lee and Leahy that expand FISA protections, but rejected amendments proposed by Senators Wyden and Daines that would have protected Americans’ internet browsing and search histories. The adopted Leahy/Lee amendment strengthens the role of “amici curiae,” who are independent, expert advisors to the Foreign Intelligence Surveillance Court, by increasing their access to information, their power to raise issues with the Court, and the number of cases they are appointed in. Since amendments were adopted, the bill now returns to the House of Representatives for consideration. Members of both parties have expressed support for reform of the controversial NSA surveillance program. EPIC closely tracks the use of FISA authority. EPIC has advocated for significant FISA reforms, and recently advised Congress to limit Section 702 surveillance and to allow Section 215 to expire.

Continue reading "Senate Amends FISA Reauthorization Bill, Sends Back to the House" »

Tags:

Posted by Caitriona Fitzgerald on May 15, 2020 9:27 AM |

EPIC Obtains New Records in Case Against AI Commission

EPIC, as part of the open government case EPIC v. AI Commission, has obtained more documents from the National Security Commission on Artificial Intelligence and the Department of Defense. The records provide the first public look at the work of the AI Commission’s closed-door working groups. Yet the records contain only a single reference to the privacy risks posed by the use of AI. The Commission's disclosure follows a court ruling in EPIC v. AI Commission that the Commission is subject to the FOIA. The AI Commission has regularly held closed-door meetings with tech firms and defense contractors without soliciting input from the American public. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

Posted by John Davisson on May 15, 2020 11:10 AM |

May 19, 2020

French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

The Conseil d'État, France's highest administrative court, issued a decision banning French authorities from using drone surveillance to track individuals violating social distancing rules. The Court cited privacy issues with drone surveillance and stated that drone surveillance by police would be banned until technology is added to prevent the filming and identification of individuals or approval was given by France's privacy regulator, the Commission nationale de l'informatique et des libertés. EPIC recently argued argued before the D.C. Circuit Court of Appeals in EPIC's open government case against the FAA Drone Advisory Committee. EPIC filed suit in 2018 after the Advisory Committee largely ignored the privacy risks posed by drones. Despite the Committee's disregard for privacy, documents obtained by EPIC showed the Committee identified privacy as a top public concern. EPIC also recently settled a Freedom of Information Act lawsuit against DHS for a report detailing the status of implementing privacy, civil liberties, and civil rights protections against DHS' use of surveillance drones.

Tags:

Posted by EPIC on May 19, 2020 4:20 PM |

May 21, 2020

PA Supreme Court Says State Can Fire Employee for Facebook Post

The Pennsylvania Supreme Court has determined that a state agency can fire an employee for a post to a private Facebook group. In weighing the state’s interests against the employee’s speech interests, the court in Carr v. Department of Transportation ignored the U.S. Supreme Court’s decision in Packingham v. North Carolina, which called social media “the modern public square.” In an amicus brief, EPIC urged the Pennsylvania Supreme Court to protect the right of public employees to speak on matters of public concern on social media without fear of dismissal, citing to Packingham. EPIC warned that "allowing the Government to fire a public employee for posts made in a private Facebook group would encourage government supervisors to surveil employees across social media." EPIC has frequently argued that the First Amendment protects the right of individuals to engage in activities free from government surveillance, in cases including City of Los Angeles v. Patel, Doe v. Reed, and Americans for Prosperity v. Becerra.

Tags:

Posted by Megan Iorio on May 21, 2020 11:02 AM |

May 26, 2020

EPIC Obtains North Dakota Contact Tracing App Contract; App Goes Against Privacy Policy and Sends Data to Third Parties

Through a government records request EPIC has obtained the contract between North Dakota and ProudCrowd, LLC for the Care19 contact tracing app launched in response to the COVID-19 pandemic. The one-year software license agreement between ProudCrowd and North Dakota provides the state use of the contact tracing app and use of server space. According to the state, the Care19 app generates a random ID number for each user when it is tracking users' movements. North Dakota's privacy policy states that the location data is kept private (not sent to third parties) and stored securely on ProudCrowd servers. The state has not explained why it would store private health data on a storage system not controlled by the government. But a recent report indicates that the Care19 app sends location data and a unique user identifier to Foursquare and a software bug tracking company called Bugfender. The app also sends the phone's advertising ID to Google. ProudCrowd states that it will update the app and its privacy policies in the future. EPIC has told Congress that private companies must establish privacy safeguards for digital contact tracing.

Tags:

Posted by EPIC on May 26, 2020 9:20 AM |

May 27, 2020

Two Bills Introduced to Restrict Microtargeting of Political Ads

Members of Congress have introduced two bills to restrict the microtargeting of online political advertisements. EPIC supports both bills. The Banning Microtargeted Political Ads Act, sponsored by Rep. Anna Eshoo (CA-18), would prohibit online platforms from targeting ads at users on the basis of their personal data. "This is an important step forward in protecting Americans’ privacy and in protecting our democratic institutions," said Caitriona Fitzgerald, EPIC Interim Associate Director and Policy Director. The Protecting Democracy from Disinformation Act would restrict microtargeting of political ads based on demographic characteristics and personal data collected online. "This bill will help ensure that the democratic process isn't distorted by privacy-invasive and discriminatory targeting of political ads," said John Davisson, EPIC Counsel. The bill is sponsored by Rep. David Cicilline (RI-1) and co-sponsored by Reps. Sean Casten (IL-6), Alcee Hastings (FL-20), Jahana Hayes (CT-5), Henry Johnson (GA-4), and Stephen Lynch (MA-8). Both bills would allow consumers to sue platforms that engage in illegal microtargeting. EPIC’s report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law.

Tags:

Posted by John Davisson on May 27, 2020 5:17 PM |

May 29, 2020

AI Commission Seeks Public Comments

The National Security Commission on Artificial Intelligence is seeking public comments on federal AI policy—a step that EPIC has repeatedly urged the Commission to take. The Commission is charged with developing recommendations on the use of AI in national security and defense contexts. But the Commission has conducted much of its work in secret and without public input, leading EPIC to file an open government lawsuit against the Commission. EPIC won a court ruling that the AI Commission is subject to the Freedom of Information Act, and the Commission has begun disclosing its records. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. Public comments to the AI Commission are due by September 30, 2020.

Tags:

Posted by John Davisson on May 29, 2020 9:28 AM |

EPIC Obtains Records about Utah's Contact Tracing App; State Hasn't Conducted Privacy Audit of App

Through a Freedom of Information request, EPIC has obtained records concerning Utah’s "Healthy Together” COVID-19 app. The documents include a presentation from Twenty Holdings, Inc., the company that developed the app, and include details of its development. The records reveal that “[o]nce the economy resumes normalcy, the App will continue to provide the mechanism to monitor any emerging risks.” It has been reported that Twenty hopes to sell the app and app back end to other states and private companies. The developers of the app plan to integrate the Apple/Google API when it is available. The app current methodology relies on collated location data from all users, rather than decentralized proximity tracking. The Utah Governor’s Office of Management and Budget found no records of any audits or independent privacy assessments of the contact tracing app. EPIC has called on Congress to ensure that government agencies and private companies establish privacy safeguards for digital contact tracing. But without audits and independent privacy assessments, contact tracing apps like Healthy Together cannot be "robust, scalable, and provable."

Tags:

Posted by Alan Butler on May 29, 2020 9:11 PM |

Search


About May 2020

This page contains all entries posted to epic.org in May 2020. They are listed from oldest to newest.

April 2020 is the previous archive.

June 2020 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3