August 2020 Archives

August 3, 2020

EPIC Urges U.S. Supreme Court to Recognize Narrow Scope of FOIA Exemption for Deliberative Documents

In an amicus brief, EPIC has urged the Supreme Court to cabin agency use of the deliberative process privilege to withhold documents from FOIA requesters. The case, U.S. Fish & Wildlife Service v. Sierra Club, concerns opinions from two federal agencies about a proposed EPA rule. Parts of the agencies’ opinions and recommendations were transmitted to the EPA, and the EPA revised its rule based on this information. Nevertheless, the agencies claim that the documents are deliberative and refused to disclose them under the FOIA. EPIC’s brief argues that “agencies have taken an unjustifiably broad view of the deliberative process privilege, often improperly withholding documents that are clearly not deliberative.” EPIC has many years of experience litigating FOIA cases, and provided the Court with examples where agencies have taken an overbroad view of the privilege, such as EPIC v. DOJ (Predictive Policing Report) and EPIC v. DOJ (Warrantless Wiretapping Memoranda). EPIC regularly litigates FOIA cases and files amicus briefs on open government issues.

August 4, 2020

EPIC to Senate Commerce: Hold Hearing on Data Protection Agency Legislation

In a statement to the Senate Commerce Committee before a Federal Trade Commission oversight hearing, EPIC urged lawmakers to establish an independent U.S. Data Protection Agency. "When it comes to data protection, the FTC is not up to the task. It is time to establish an independent federal data protection agency in the United States," EPIC wrote. EPIC pointed to the FTC's failure to both stop mergers that threaten consumer privacy and enforce its own consent orders. EPIC urged the Committee to hold a hearing on and give a favorable report to S. 3300, the Data Protection Act filed by Senator Gillibrand, which creates an independent U.S. Data Protection Agency.

August 5, 2020

EPIC Urges FAA to Require Privacy Safeguards With Exemption Grants

In comments to the Federal Aviation Administration, EPIC reminded the agency of the importance of addressing the privacy risks of drones as they are integrated into the national airspace. EPIC was responding to a notice of a petition for exemption to conduct drone deliveries. EPIC urged the FAA to use the exemption process to require the implementation of privacy safeguards. Starting with a 2012 petition, EPIC has recommended that the FAA establish drone privacy regulations and ensure that drones broadcast an ID. Earlier this year, EPIC, joined by other organizations, submitted comments to the FAA regarding the agency's proposed rule for drone IDs.

August 6, 2020

Massachusetts Supreme Court Rejects Long-Term Video Surveillance of Residents' Homes

The Massachusetts Supreme Judicial Court ruled this week that the Massachusetts Declaration of Rights protects the right to privacy in the areas around one's home from warrantless pole camera surveillance over several months. The court held that residents are constitutionally protected against extended surveillance when, "in the aggregate, [it] expose[s] otherwise unknowable details of a person's life." The court also refused to make privacy rights "contingent upon an individual's ability to afford to install fortifications and a moat around his or her castle." The court cited Commonwealth v. Connolly, which declared that Massachusetts residents have a right to be free from warrantless GPS surveillance under the Declaration of Rights. EPIC filed a friend of the court brief in Connolly. EPIC regularly files briefs in cases that involve emerging privacy and civil liberties issues.

August 7, 2020

EPIC Obtains New Records From AI Commission

EPIC, as part of the open government case EPIC v. AI Commission, has obtained more documents from the National Security Commission on Artificial Intelligence. The records include a third-party presentation provided to the AI Commission about the use of "psychology and AI" to "help prepare an AI-enabled workforce." The presentation endorses the use of AI job screening tools like HireVue and claims that "reducing time-to-hire is as important as making good decisions." EPIC filed a Federal Trade Commission complaint last year highlighting HireVue’s unlawful failure to meet baseline standards for AI decision-making. The presentation also argues that "sociometers can be used to train AI about effective communication" in the workplace. Sociometers are "wearable electronic device[s] capable of automatically measuring the amount of face-to-face interaction, conversational time, physical proximity to other people, and physical activity levels using social signals derived from vocal features, body motion, and relative location." Separately, EPIC obtained a presentation from IARPA on "Artificial Intelligence and Threats." The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

August 10, 2020

New Jersey Supreme Court Finds Passcode Disclosure Testimonial, But Allows Compelled Decryption of Cell Phone

The New Jersey Supreme Court ruled today in State v. Andrews that an exception to the Fifth Amendment privilege against self-incrimination allows the government to compel decryption of a cell phone if the government has a valid search warrant and knows the identity of the phone’s owner. The court determined that compelled disclosure of a passcode is a testimonial act, but found that the foregone conclusion exception can apply to force decryption under certain circumstances. Importantly, the court stressed that, because the scope of the search in this case was very narrow, the decision did not license a “fishing expedition.” The court also signaled that it would apply the same restrictions to biometric passcodes as alphanumeric passcodes, stating that applying different standards to the two types of passcodes would be “problematic.” EPIC filed an amicus brief and presented oral argument in the case. Citing Riley v. California and Carpenter v. United States, EPIC argued that the vast troves of personal data stored in cell phones “justifies strong constitutional protections.” During oral argument, EPIC urged the court to adopt one rule for biometric and alphanumeric passcodes.

EPIC Obtains Records About Texas's Use of Aerial Surveillance

Through a Public Information Act request to the Texas Department of Public Safety, EPIC obtained records about the department's use of two Pilatus surveillance planes, including videos recorded during the George Floyd protests. Reports have indicated that these planes, purchased by the state for border operations, were used to surveil cities hundreds of miles from the border. EPIC obtained flight logs from January 1, 2018 to June 15, 2020, plane technical specifications, and the department's video retention policy. The flight logs revealed that the surveillance planes flew an average of one flight per day between May 25 and June 15, 2020, for a total of 103 hours of flight time. In over ninety percent of these flights, the planes recorded no video. The planes reportedly cost an average of $474 an hour to fly, and the Texas DPS spent roughly $49,000 to record three videos over the three-week span. The Texas DPS withheld three videos recorded between May 25 and June 15, 2020, during the height of the George Floyd protests, despite its video retention policy stating that "all retained video copies...will be subject to open records requests." EPIC has long highlighted the privacy and civil liberties implications of aerial surveillance technology and has called on Congress to "establish drone privacy safeguards that limit the risk of public surveillance."

August 11, 2020

Federal Appeals Court Dismisses CareFirst Data Breach Appeal

The D.C. Circuit has ruled that it lacks jurisdiction to hear the appeal of CareFirst customers whose data was stolen in a 2014 data breach. The lower court in Attias v. CareFirst dismissed most of the plaintiffs and claims in the case for failure to allege damages and certified the dismissed claims for appeal. The D.C. Circuit determined that some of the claims could not be appealed until the remaining claims were resolved by the lower court, and it was not clear whether the district court judge intended to certify the claims of the dismissed plaintiffs alone. The decision comes over a year after the parties briefed the substantive questions on appeal. EPIC filed an amicus brief that urged the court to impose a duty of reasonable data protection on businesses to ensure that companies protect the personal data they collect. EPIC also filed an amicus brief in the case the last time it was in the D.C. Circuit on a challenge to consumer standing. The D.C. Circuit held that the CareFirst consumers had standing to sue for the data breach.

August 7, 2020

UK Government Agrees to Stop Using 'Visa Streaming' Algorithm

The Home Office of the UK has announced that it will halt the use of its "Visa Streaming" algorithm. This change is the result of a settlement in a lawsuit brought to challenge use of the algorithmic decision system by the UK Government. The system produced a "traffic light" assessment of visa applicants (Green, Yellow, or Red) that informed how they would be treated during the visa approval process. The algorithm used for the assessments is not transparent, and critics have raised concerns that the system was discriminating against individuals based on their nationality. The challengers in the suit alleged that the program violated the Equality Act of 2010, in that the algorithm exacerbated unequal treatment for visa applicants from particular countries. Secretary of the Home Office Priti Patel committed to redesign the program and to consider "issues around unconscious bias and the use of nationality" in the visa application process. EPIC advocates for algorithmic transparency, has counseled the US and EU on responsible AI, and maintains a resource on algorithms used in the US Criminal Justice System.

August 13, 2020

GAO Releases Report on Privacy, Discrimination Risks of Facial Recognition

The U.S. Government Accountability Office has released a key report about privacy and discrimination risks posed by the commercial use of facial recognition. The GAO completed the report in response to research showing the disparate impact the technology has on minorities, including a National Institute of Science and Technology study which found that facial recognition systems misidentify Black women at disproportionately high rates. The GAO report finds that, despite improvements in facial recognition technology, "differences in performance exist for certain demographic groups." The GAO report reiterates the office’s 2013 recommendation urging Congress to update the federal consumer privacy framework to reflect changes in technology. EPIC advocates for a comprehensive federal privacy law and has called for a moratorium on face surveillance.

August 18, 2020

Schrems Files 101 Complaints Targeting US-EU Data Transfers

None of Your Business, the privacy NGO established by EPIC Advisory Board member Max Schrems, has filed complaints in all 30 EU and EEA member states against 101 European companies that still forward data about each visitor to Google and Facebook. “We have done a quick search on major websites in each EU member state for code from Facebook and Google. These code snippets forward data on each visitor to Google or Facebook. Both companies admit that they transfer data of Europeans to the US for processing, where these companies are under a legal obligation to make such data available to US agencies like the NSA. Neither Google Analytics nor Facebook Connect are essential to run these webpages and are services that could have been replaced or at least deactivated by now,” says Max Schrems, honorary chair of noyb.eu. The complaints come in the wake of a recent European Court of Justice (CJEU) decision which found that the Privacy Shield, which permitted companies to freely transfer users' personal data, illegally infringed EU residents' data protection and privacy rights. EPIC participated as an amicus curiae in the case, arguing that U.S. surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad.

August 19, 2020

Algorithm in UK Disadvantaged Poorer Students in Grade Estimation Effort

An algorithm was used by the UK Office of Qualifications and Examinations Regulation (Ofqual) to assign grades to students after exams were cancelled due to the COVID-19 pandemic. The tool downgraded 36% of A-level grades suggested by instructors, and students from poorer neighborhoods and state-run schools were downgraded disproportionately. After threats of lawsuits and significant public outrage, Ofqual announced that it will use teacher evaluations rather than the products of the algorithm. In July, the International Baccalaureate program used an opaque algorithm to assign scores that were key to college admissions. EPIC has advocated for Algorithmic Transparency and the adoption of the Universal Guidelines for AI.

Federal Government Advises on Federal Laws Potentially Violated When Intercepting Drones

The FAA, DOJ, FCC, and DHS jointly issued the "Advisory on the Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems." The advisory covers the applicable federal laws that non-federal or private entities might violate if they sought to detect or mitigate drone threats, including the Wiretap Act and Computer Fraud and Abuse Act. Congress previously granted the DOJ and DHS broad authority to detect and mitigate drone "threats" in the Preventing Emerging Threats Act of 2018 that was incorporated into the FAA Reauthorization Act of 2018. The FAA Reauthorization Act of 2018 required a report on drone surveillance risks but did not establish any baseline privacy safeguards. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities.

Documents Obtained by EPIC Reveal DHS’s Slow Response to Election Cybersecurity Threats, Underscore Risks Posed by New Voting Technologies

EPIC has obtained additional documents related to federal efforts to respond to election cybersecurity threats in its suit against the Department of Homeland Security. The documents include summaries of: the DHS's contacts with election officials, state reports of election security incidents going back to 2016, meeting minutes from the DHS Election Task Force in 2017, and a September 2016 Election Infrastructure Cyber Risk Characterization Report. The incident logs reveal difficulties contacting campaign officials in the lead up to the 2016 Election and concern voiced within the agency about "unbalanced" outreach. And DHS contacts with state election officials were somewhat limited as some were wary that the critical infrastructure designation "would at a later time lead to regulation on states." In the September 2016 Election Infrastructure Cyber Risk Characterization Report, the DHS Office of Cyber and Infrastructure Analysis found that compromises in voter registration databases resulted in the potential release of personally identifiable information but not the modification of the underlying records. The DHS determined that exposure of this information could undermine public confidence in election systems. The DHS also counseled strongly against untested voting technologies, finding that the "introduction of new technologies in the voting system will increase vulnerabilities to the election system in the future," particularly the implementation of internet-connected voting systems. The case is EPIC v. DHS, 17-2047 (D.D.C.).

About August 2020

This page contains all entries posted to epic.org in August 2020. They are listed from oldest to newest.
