epic.org: September 2020 Archives

Brazil's General Data Protection Law To Take Effect This Month

Brazil’s Lei Geral de Proteção de Dados (or LGPD), enacted in 2018, will go into effect this month. The LGPD is similar to the EU's General Data Protection Regulation, granting individual rights and placing obligations on companies processing personal data. The Brazilian law also creates a National Data Protection Authority. EPIC has long advocated for the enactment of comprehensive privacy legislation and the creation of data protection agency. EPIC’s report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law.

Tags:

policy

Posted by Caitriona Fitzgerald on September 1, 2020 3:49 PM | Permalink

Amazon Claims 'Halo' Device Will Monitor User's Voice for 'Emotional Well-Being'

Despite the exceptional privacy risks of biometric data collection and opaque, unproven algorithms, Amazon last week unveiled Halo, a wearable device that purports to measure "tone" and "emotional well-being" based on a user's voice. According to Amazon, the device "uses machine learning to analyze energy and positivity in a customer's voice so they can better understand how they may sound to others[.]" The device also monitors physical activity, assigns a sleep score, and can scan a user's body to estimate body fat percentage and weight. In recent years, Amazon has come under fire for its development of biased and inaccurate facial surveillance tools, its marketing of home surveillance camera Ring, and its controversial partnerships with law enforcement agencies. Last year, EPIC filed a Federal Trade Commission complaint against Hirevue, an AI hiring tool that claims to evaluate "cognitive ability," "psychological traits," and "emotional intelligence" based on videos of job candidates. EPIC has long advocated for algorithmic transparency and the adoption of the Universal Guidelines for AI.

Tags:

Posted by John Davisson on September 1, 2020 4:24 PM | Permalink

Apple and Google Announce Changes to Digital Contact Tracing System

Apple and Google today announced "Exposure Notification Express," an updated version of the companies' joint digital contact tracing technology. The revised system will allow public health agencies to conduct digital contact tracing without having to develop their own independent apps. In jurisdictions that have adopted the Apple-Google system, mobile users will now be automatically notified that the contact tracing tool is available, though the system will remain opt-in only. In response to Apple and Google's original proposal for a COVID-19 contact tracing system, EPIC told Congress that it is "essential that government agencies and private companies implement standards that safeguard privacy." For digital contact tracing techniques, EPIC recommended that "(1) participation should be lawful and voluntary; (2) there should be minimal collection of personally identifiable information; (3) the system should be robust, scalable, and provable; and (4) the system should only be operated during the pandemic emergency." EPIC has also obtained records from Utah and North Dakota that underscore the privacy risks of both states' COVID-19 contact tracing apps.

Tags:

COVID-19

Posted by John Davisson on September 1, 2020 4:58 PM | Permalink

EPIC Obtains Additional Records From AI Commission

EPIC, as part of the open government case EPIC v. AI Commission, has obtained additional records from the National Security Commission on Artificial Intelligence. The documents produced include a delegation letter from AI Commission chair and former Google CEO Eric Schmidt, as well as reports on AI research and "workforce automation." In June, a federal court ruled in EPIC's case that the AI Commission is subject to the Federal Advisory Committee Act. Judge Trevor N. McFadden ordered the Commission to hold open meetings, which the Commission did for the first time in July. The Commission approved a set of recommendations to Congress at the meeting. Judge McFadden previously ruled that the AI Commission is subject to the Freedom of Information Act, and the Commission began disclosing its records to EPIC in January. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

AI Commission

Posted by John Davisson on September 1, 2020 5:28 PM | Permalink

Report Details EU States' Use of Automated Decision-Making During Pandemic

In a report released this week, AlgorithmWatch analyzed how 16 countries throughout the European Union have adopted automated decision-making tools in response to the COVID-19 pandemic. Deployment of these tools is widespread across the EU, including voluntary exposure notification apps, a mandatory app recently greenlit by Slovenian government, and an app used in Poland and Hungary that relies on geolocation and face surveillance to enforce quarantine rules. The report notes that the effectiveness of automated contract tracing "lack[s] hard evidence . . . even months after the first deployments." EPIC has published recommendations on preserving privacy during the pandemic and has called on Congress to establish privacy safeguards for digital contact tracing.

Tags:

Posted by John Davisson on September 2, 2020 12:44 PM | Permalink

Unsealed Documents: Google Employees Knew Location Privacy Settings Were Misleading

Documents recently disclosed in Arizona's consumer protection lawsuit against Google show that the company's employees admitted Google's location privacy settings were "confusing" and potentially misleading. The suit, brought by Arizona Attorney General Mark Brnovich, alleges that Google violated the Arizona Consumer Fraud Act by collecting and storing location data on mobile devices—even after users believed they had turned off location tracking. A newly-unsealed version of Arizona's complaint reveals that Google employees knew the interface was "[d]efinitely confusing from a user point of view[.]" One employee wrote that Google's interface "feels like it is designed to make things possible, yet difficult enough that people won't figure it out." In July, twenty-seven members of EPIC's advisory board signed a letter urging the court to reject Google's efforts to delay a decision on unsealing the documents. In 2018, EPIC told to the Federal Trade Commission that Google's surreptitious tracking of user location data violated the FTC's 2011 Google consent order. The 2011 settlement with Google followed a detailed complaint brought by EPIC and a coalition of consumer organizations.

Tags:

Posted by John Davisson on September 1, 2020 6:58 PM | Permalink

Appeals Court: NSA Call Metadata Program Was Illegal, Likely Unconstitutional

The Ninth Circuit U.S. Court of Appeals ruled today that the NSA's bulk collection of phone call metadata violated the Foreign Intelligence Surveillance Act and was likely unconstitutional. EPIC and a coalition of groups filed an amicus brief in the case, United States v. Moalin, arguing that call metadata is protected under the Fourth Amendment. "We hold that the telephony metadata collection program exceeded the scope of Congress's [FISA] authorization," the Ninth Circuit wrote. The court rejected the argument that individuals lack a Fourth Amendment expectation of privacy in call metadata simply because the data is held by phone companies. The public is "likely to perceive as private several years' worth of telephony metadata collected on an ongoing, daily basis—as demonstrated by the public outcry following the revelation of the metadata collection program," the court explained. The court cited to the coalition amicus brief and to the work of EPIC advisory board member Laura K. Donohue. However, the court declined in this particular case to exclude the unlawfully collected metadata as evidence. In In re EPIC, EPIC petitioned the Supreme Court to end the NSA's bulk phone record collection program, which occurred with the 2015 passage of the USA Freedom Act.

Tags:

Posted by John Davisson on September 2, 2020 4:26 PM | Permalink

EPIC to Supreme Court: Government Insiders Who Improperly Access Personal Data Violate Computer Crime Statute

EPIC has filed an amicus brief in the U.S. Supreme Court case Van Buren v. United States, which concerns whether a police officer violated the Computer Fraud & Abuse Act by accessing personal data in a government database for non-law enforcement purposes. EPIC’s brief argues that the CFAA was enacted “to protect personal information stored in recordkeeping systems” and the scope of the law “should be co-extensive with its data protection purpose.” EPIC wrote that government databases “hold vast quantities of some of the most sensitive personal data imaginable” and that “we need the CFAA, now more than ever, to be an extra check against abuse by the people entrusted to access sensitive data and systems.” The brief also responds to concerns about the potential scope of CFAA liability by noting that “any limiting principle should be tethered to the underlying purpose of” the provision, which is “to protect sensitive data from exposure and subsequent misuse.” EPIC has participated as amicus in LinkedIn v. hiQ Labs, which concerns the application of the CFAA to companies that scrape social media user data. The petition for review in the LinkedIn case is pending in the U.S. Supreme Court.

Tags:

EPIC Amicus Filing Van Buren

Posted by Megan Iorio on September 3, 2020 2:54 PM | Permalink

GAO Report: CBP Needs to Address Privacy Issues with Facial Recognition Deployment

A report by the Government Accountability Office found that Customs and Border Protection needs to address privacy issues with the agency's deployment of facial recognition technology at ports of entry. CBP currently deploys facial recognition at 27 airports as part of their Biometric Entry-Exit Program. The GAO found that CBP has not provided adequate privacy notices or information on opting out of facial recognition to the public. Additionally, the agency has failed to implement a plan to audit privacy compliance by airline partners involved in the program. EPIC has previously explained to Congress and the CBP that its Biometric Entry-Exit program unfairly burdens travelers exercising their rights to opt-out of facial recognition. EPIC has called on Congress to suspend facial recognition at airports and earlier this year urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

Posted by EPIC on September 3, 2020 3:35 PM | Permalink

Portland City Council Votes to Ban Facial Recognition

The Portland City Council has passed two ordinances banning the use of facial recognition. One ordinance prohibits the city from using facial recognition. A second ordinance prohibits private companies from using facial recognition in public spaces. The ordinances note the technologies demonstrated "biases against Black people, women, and older people." Portland joins a growing list of cities that have banned the facial recognition technology, including Boston, Oakland, and San Francisco. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. Earlier this year, an EPIC-led coalition called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

facial recognition

Posted by EPIC on September 10, 2020 12:10 AM | Permalink

Facebook to be Ordered to Stop Sending EU Data to U.S.

The Irish Data Protection Commissioner has reportedly issued a preliminary order instructing Facebook to stop transferring the data of EU users to the United States. The order comes in the wake of a recent the European Court of Justice (CJEU) decision which found the Privacy Shield, which permitted companies to freely transfer users' personal data, illegally infringed EU residents' data protection and privacy rights. EPIC participated as an amicus curiae in the case, arguing that U.S. surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad.

Tags:

Posted by Caitriona Fitzgerald on September 10, 2020 11:00 AM | Permalink

EPIC, Coalition Urge for Congressional Briefings on Election Security to Continue

In a letter to the Direction of National Intelligence John Ratcliffe, EPIC joined a coalition of other groups calling for the continuation of in-person briefings to Congress on election security. The letter states, "[e]fforts to interfere with American elections are a serious threat to our democratic process and undermine public confidence in our institutions." The group emphasized that "it is critical that [ODNI] continue responding to all congressional oversight inquiries and continue to appear in-person to answer questions." EPIC is currently suing the Department of Homeland Security for records about the agency's assessment of election vulnerabilities following the 2016 presidential election and its ongoing role in protecting election systems as critical infrastructure. The agency has released hundreds of pages of records to EPIC about its role in election cybersecurity, including: DHS's contacts with election officials, state reports of election security incidents going back to 2016, meeting minutes from the DHS Election Task Force in 2017, and a September 2016 Election Infrastructure Cyber Risk Characterization Report.

Tags:

Posted by EPIC on September 11, 2020 2:35 PM | Permalink

EPIC Urges EU to Enact Comprehensive AI Legislation

In comments to the European Commission, EPIC urged the EU to enact robust legislation covering all uses of AI in order to protect fundamental rights. The comments came in response to the Commission's Inception Impact Statement, which presented legislative options ranging from non-regulation of AI to regulating only "high-risk" AI to regulating all forms of AI. "Oversight of both public and private uses of AI will help avoid inappropriate applications of the technology, minimize the opacity of AI decision-making, and avoid arbitrary actions and determinations," EPIC wrote. EPIC explained that is essential to regulate all forms of AI—rather than just "high risk" applications—because "[i]nformation collected under one purpose not previously determined as 'high-risk' can easily be used in a 'high-risk' purpose" later. EPIC recommends that governments rely on the Universal Guidelines for AI and the OECD AI Principles as a baseline for AI policy.

Tags:

Posted by John Davisson on September 14, 2020 2:24 PM | Permalink

Professors Hartzog and Richards: Clearview AI Gets Privacy and First Amendment Wrong

In a recent Boston Globe op-ed Professors Woody Hartzog, an EPIC Advisory Board member, and Neil Richards assert that Clearview AI's claim of a First Amendment right to scrape, analyze, and disseminate publicly available photos is a threat to privacy that misunderstands the right to free speech. Clearview AI's claim is a response to a lawsuit filed under Illinois' Biometric Information Privacy Act (BIPA) challenging the company’s collection of photos and sale of facial recognition services. EPIC filed an amicus brief before the 9th Circuit defending an individual's right to sue companies who violate BIPA and other privacy laws. Recently EPIC filed FOIA requests with several government agencies revealed as users of Clearview AI technology. Earlier this year, EPIC and over 40 organizations urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

Posted by EPIC on September 14, 2020 4:45 PM | Permalink

Oracle Enters Deal with TikTok to be 'Trusted Tech Provider' to the U.S

Oracle, of the nation's largest data brokers, has agreed a deal with TikTok's parent company ByteDance to become a "trusted technology provider" to the U.S. The U.S. government previously raised concerns about the protection of user data collected by the popular video sharing app, especially given the power of the Chinese government to obtain data from TikTok. The full details of the agreement between TikTok and Oracle are unknown, but the White House and the Committee on Foreign Investments in the U.S. still need to approve this deal. Treasury Secretary Steve Mnuchin said that the department plans to review the deal, and the department acknowledged its obligation to review the service's data protection standards. Earlier this year, EPIC and a coalition of child advocacy, consumer, and privacy groups filed a complaint to the Federal Trade Commission to investigate TikTok's failure to protect children’s privacy.

Tags:

Posted by EPIC on September 14, 2020 4:55 PM | Permalink

EPIC: "Regulators Failed and Google Turned The Internet Into a Surveillance Machine"

In advance of a Senate Judiciary Committee hearing on "Stacking the Tech: Has Google harmed competition in online advertising?," EPIC argued in a Medium post that the answer to that question is obviously yes, but Congress shares some of the blame. "There are many problems with today's online advertising systems," EPIC wrote, "[b]ut it didn't have to be this way. More active regulation by the government could have sustained online advertising models that were good for advertisers and businesses and for consumers, journalism, and democracy." In 2000, EPIC opposed Doubleclick's acquisition of Abacus. In 2007, EPIC told the FTC that Google's proposed acquisition of DoubleClick would lead to consumers being tracked and profiled by advertisers across the web.

Tags:

Posted by Caitriona Fitzgerald on September 15, 2020 8:48 AM | Permalink

IoT Security Bill Passed in House of Representatives

The House of Representatives has passed a bill governing the security of the Internet of Things. The "Internet of Things Cybersecurity Improvement Act of 2019" sets baseline cybersecurity standards for IoT devices purchased by the federal government. The bipartisan measure is sponsored by Rep. Will Hurd (R-Texas) and Rep. Robin Kelly (D-Ill.) “The Internet of Things grows every single day, and, by the end of next year, it will include more than 20 billion devices. The result is an astounding, unimaginable amount of data—90% of the data in the entire world was created in the last two years. America needs to keep up with this incredible trend, and that means ensuring proper security and protections—the IoT Cybersecurity Improvement Act is a step in that direction,” said Hurd. The Senate Homeland Security Committee advanced a similar bill last year. EPIC recently told Congress that "the IoT network is the weak link in consumer products" and urged the establishment of of mandatory privacy and security standards.

Tags:

Posted by Caitriona Fitzgerald on September 15, 2020 9:48 AM | Permalink

Mauritius Ratifies Convention 108+, 36 Countries Back Privacy Convention

This week, Mauritius signed and ratified the Modernized International Privacy Convention. Mauritius became the sixth state to officially ratify the modernized Convention 108, and the 36th country to become a signatory. The Council of Europe Convention 108+ is the first and only binding international legal instrument for data protection. Updated in 2018, the Modernized Convention includes new provisions on biometric data, algorithmic transparency, enhanced oversight. Non-members of the Council of Europe are able to sign the Convention, and EPIC and consumer groups have long urged the United States to ratify the international Privacy Convention.

Tags:

Posted by Caitriona Fitzgerald on September 15, 2020 11:52 AM | Permalink

Bipartisan Policy Center Calls for AI Regulation, Data Privacy Law

The Bipartisan Policy Center, along with Rep. Will Hurd (R-TX) and Rep. Robin Kelly (D-IL), recently released white paper outlining recommendations for Congress to regulate the use Artificial Intelligence. The recommendations include enacting federal data privacy legislation, funding the National Institute of Standards and Technology to develop optional technological standards, and publicly releasing benchmark datasets for some applications of AI. The Center also published a report on Artificial Intelligence and National Security report this summer. EPIC advocates for the enactment of a federal comprehensive data privacy law, tracks privacy legislation, and recommends baseline mandatory technical standards for AI.

Tags:

Posted by John Davisson on September 15, 2020 4:26 AM | Permalink

Court Holds Closed-Door Hearing in EPIC Mueller Report Case

A federal court in Washington, D.C. will hold a closed-door hearing with the Department of Justice today in EPIC's case for disclosure of the complete, unredacted Mueller Report. Judge Reggie B. Walton is currently conducting an "in camera" review of the full Report to determine what additional information must be released to public. In June, Judge Walton said that he could not "assess the merits of certain redactions without further representations from the Department" and ordered the DOJ to attend an "ex parte" (one-on-one) hearing. After several delays due to COVID-19, that hearing will be held this afternoon. The DOJ also provided written responses to the court in July, which revealed that Judge Walton had questioned every legal basis asserted by the DOJ to withhold material in the Mueller Report. As part of those responses, the DOJ conceded that it would have to disclose additional material from the Report. EPIC's Freedom of Information Act case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.

Tags:

Mueller Report

Posted by John Davisson on September 15, 2020 12:52 PM | Permalink

Reps. Hurd, Kelly Introduce Resolution to Guide U.S. AI Policy

Rep. Will Hurd (R-TX) and Rep. Robin Kelly (D-IL) released a resolution Wednesday proposing a set principles for AI policy in the United States. The recommendations include enacting federal privacy legislation "to build trust [and] prevent harm"; developing AI standards in order to ensure "technologies that are safe, secure, reliable, and comport with the norms and values of the United States"; and conducting regular oversight of AI use in the executive branch. The resolution comes after the two representatives released multiple reports on AI with the Bipartisan Policy Center. EPIC advocates for comprehensive data protection legislation, has evaluated existing proposals for federal privacy legislation, and recommends the Universal Guidelines for AI and the OECD Principles on AI as a baseline for AI policy.

Tags:

AI

Posted by John Davisson on September 17, 2020 10:21 AM | Permalink

EPIC Urges FCC to Adopt AI Principles, Support Robust Regulation of AI

In comments to the Federal Communication Commission's Technological Advisory Council, EPIC urged the FCC to "support the establishment of a strong regulatory framework to ensure AI transparency and accountability within the agency and the private sector." EPIC's comments are directed to the TAC's AI Working Group, which analyzes the role of AI in telecommunications networks and services. EPIC recently submitted comments to the EU urging the European Commission to enact comprehensive AI legislation. In February, EPIC filed a petition with the FTC calling for a rulemaking on the use of AI in commerce. EPIC recommends that governments rely on the Universal Guidelines for AI and the OECD AI Principles as a baseline for AI policy.

Tags:

Posted by EPIC on September 18, 2020 2:25 PM | Permalink

Senate Republicans Introduce Weak 'SAFE DATA Act'

Senators Roger Wicker, John Thune, Marsha Blackburn, and Deb Fischer have introduced the “SAFE DATA Act,” which relies on an outdated notice-and-choice model that allows companies to diminish the rights of consumers and use personal data to benefit the company but not the individual. "Senator Wicker’s SAFE DATA Act allows companies to collect any personal data it pleases as long as it discloses it in its privacy policy,” said EPIC Policy Director Caitriona Fitzgerald. "And it prohibits states from adopting or enforcing any data privacy or data security laws. The SAFE DATA Act is very weak compared to Senator Gillibrand’s Data Protection Act, Senator Brown’s discussion draft, and the Online Privacy Act introduced in the House.” EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency.

Tags:

Posted by Caitriona Fitzgerald on September 18, 2020 4:11 PM | Permalink

BREAKING: DOJ Releases New Material from Mueller Report in EPIC Case

The Justice Department, as part of an open government lawsuit brought by EPIC, has released another round of previously unpublished material from the Mueller Report. The newly disclosed passages are listed in the "Redaction" column of a DOJ spreadsheet—though outside of their original context from the Mueller Report. The spreadsheet was originally drafted to answer questions from Judge Reggie B. Walton, who is conducting an "in camera" review of the complete Mueller Report after determining that Attorney General Bill Barr's redactions may have been "self-serving." Among the newly disclosed material is an excerpt from an Internet Research Agency document that describes the Russian government's goal of "spread[ing] distrust towards the candidates and the political system in general" and states that "All the primaries are purchasable." The DOJ previously released new passages from the Mueller Report in June, and the court is expected to decide soon whether additional material must be published. EPIC's Freedom of Information Act case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.

Tags:

Mueller Report

Posted by John Davisson on September 18, 2020 4:54 PM | Permalink

EPIC Demands Privacy Commitments From Oracle, TikTok

EPIC has sent demand letters to Oracle and TikTok warning both of their legal obligation to protect the privacy of TikTok users if the companies enter a partnership. Last week, following President Trump's threat to effectively ban TikTok from the United States, Oracle reached a tentative agreement to serve as TikTok's U.S. partner and to "independently process TikTok's U.S. data." But the deal, which would pair one of the largest brokers of personal data with a social network of 800 million users, presents grave privacy and legal risks. "Absent strict privacy safeguards, which to our knowledge Oracle has not established, [the] collection, processing, use, and dissemination of TikTok user data would constitute an unlawful trade practice," EPIC wrote. EPIC warned Oracle and TikTok that unless they "adequately protect the privacy of TikTok users"—for example, by committing not to sell TikTok user data or merge it with Oracle products—EPIC intends to bring a lawsuit against both companies under the D.C. Consumer Protection Procedures Act. EPIC previously used the same law to force AccuWeather to stop deceptively gathering users' location data. EPIC and a coalition of consumer groups recently filed a Federal Trade Commission complaint against TikTok for violating the Children's Online Privacy Protection Act.

Tags:

Posted by John Davisson on September 21, 2020 6:30 AM | Permalink

EPIC to Senate Commerce: the U.S. Needs a Data Protection Agency

In a statement to the Senate Commerce Committee before a hearing on the need for federal privacy legislation, EPIC urged lawmakers to establish an independent U.S. Data Protection Agency. EPIC laid out the FTC's typical privacy playbook: consent decrees, infrequent penalties, and no meaningful changes in business practices. "The FTC does not have the motivation or the tools necessary to enforce meaningful privacy and data protection rights in 2020," EPIC said, pointing to settlements the FTC had reached with Facebook, Google, YouTube, Uber, and Equifax. EPIC also noted the FTC's failure to use its existing authority to regulate privacy, including its rulemaking authority under Section 5 to establish stronger data security standards. "If the FTC fails to use these authorities, then the Commission is not capable of protecting Americans’ privacy, and the Commission should no longer be trusted to do so," EPIC stated. EPIC urged the Committee to hold a hearing on and give a favorable report to S. 3300, the Data Protection Act filed by Senator Gillibrand, which creates an independent U.S. Data Protection Agency.

Tags:

Posted by Caitriona Fitzgerald on September 22, 2020 9:31 PM | Permalink

CBP Failed to Protect Sensitive Biometric Information in Test of Facial Recognition Program

In a new report, the Inspector General for the Department of Homeland Security found that Customs and Border Protection failed to safeguard pictures of travelers obtained for a facial recognition pilot program, the Biometric Entry-Exit Program. The pictures were exposed in a data breach of a CBP subcontractor, Perceptics, LLC. OIG found that the CBP failed to undertake sufficient information security practices to prevent Perceptics from obtaining the data. At least 17 of the images were ultimately released on the dark web. EPIC leads an ongoing campaign to Ban Face Surveillance. In 2018, EPIC urged CBP to suspend its Biometric Entry-Exit Program. EPIC previously obtained documents on that program through a FOIA lawsuit.

Tags:

Posted by EPIC on September 24, 2020 10:25 AM | Permalink

Pennsylvania's Supreme Court Prohibits Election Officials From Counting 'Naked Ballots'; PA Voters Must Use Secrecy Envelopes

Last week, Pennsylvania’s State Supreme Court ordered election officials not to count so-called “naked ballots” in the 2020 Election. These are mail-in ballots that arrive without an inner secrecy envelope. Pennsylvania's two-envelope ballot system includes a "secrecy envelope" that does not have personally identifiable information. The purpose of the secrecy envelope is to ensure that voter privacy is protected, but the state Supreme Court has now ruled that failure to lose the envelope would invalidate a ballot. There is a concern that voters who are submitting their ballots by mail for the first time might not understand the two-envelope system. The state has committed to increasing voter outreach and education to ensure that voters understand the need to use the secrecy envelope. Voters should check the Pennsylvania Mail-in & Absentee Ballots webpage and instructional video for more information on how to properly vote by mail. If Pennsylvania voters provide their email when registering for a mail-in ballot, they can receive ballot application and processing information. Voters can also track the status of their ballots online. Pennsylvania voters' mail-in ballot must be postmarked or returned to a designated drop off location by 8pm on Election Day. Anyone who is voting by mail or absentee should track the status of their ballots, and EPIC recently launched an interactive map to link voters to their state election resources.

Tags:

voting

Posted by EPIC on September 24, 2020 3:50 PM | Permalink

New Housing Regulation Limits Disparate Impact Housing Claims Based on Algorithms

Individuals alleging that a landlord discriminated against them by using a tenant-screening algorithm will face a higher burden of proof under a new rule that went into effect last Thursday. The rule creates a defense to a discrimination claim under the Fair Housing Act where the “predictive analysis” tools used were not "overly restrictive on a protected class" or where they “accurately assessed risk.” Last October, EPIC and several others warned the federal housing agency that providing such a safe harbor for the use of algorithms in housing without imposing transparency, accountability, or data protection regulations would exacerbate harms to individuals subject to discrimination. The agency did modify its rule following comments from EPIC and others, removing a complete defense based on use of an "industry standard” algorithm or in cases where the algorithm was not the “actual cause” of the disparate impact. But the final rule simply replaces the word “algorithm” with “predictive analysis” and includes vague "overly restrictive" and "accurate assessment” standards. The Alliance for Housing Justice called the rule "a vague, ambiguous exemption for predictive models that appears to confuse the concepts of disparate impact and intentional discrimination.” EPIC has called for greater accountability in the use of automated decision-making systems, including the adoption of the UGAI principles and requirements for algorithmic transparency.

Posted by Ben Winters on September 29, 2020 9:34 AM | Permalink

VICTORY: Court Orders Additional Mueller Report Disclosures in EPIC Case

A federal court, ruling in EPIC v. DOJ, has ordered the Department of Justice to disclose extensive new material from the Mueller Report. The decision marks a victory in EPIC's 18-month case for disclosure of the unredacted Report. Judge Reggie B. Walton rejected the DOJ's argument that it could withhold portions of the Report as "predecisional," noting that the Mueller Report describes "decisions that were already final." Judge Walton, who reviewed the full Mueller Report before issuing his ruling, ordered the DOJ to provide EPIC with a less-redacted version of the Report by November 2. The DOJ previously released material from the Mueller Report on two occasions as part of EPIC's case. EPIC's Freedom of Information Act suit—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.

Tags:

Mueller Report

Posted by John Davisson on September 30, 2020 1:49 PM | Permalink

Zoom, Twitter Failures Highlight Discriminatory Impact of Facial Recognition

A pair of recent discoveries about Zoom and Twitter's facial recognition algorithms highlights the discriminatory impact of such systems and reinforces EPIC's call for a moratorium on face surveillance. Technologist Colin Madland recently tweeted images showing that Zoom's facial recognition tool failed to recognize a black colleague's face when using a digital background–even though it easily identified Madland's face. In subsequent tweets from the same thread, it became apparent that Twitter's image preview system also had a strong bias toward centering images on white faces over black faces. Twitter said it had previously tested the system for bias, but the company will now "open source [its] work so others can review and replicate." A 2019 study from NIST of a majority of facial recognition vendors found significant rates of racial bias. In addition to calling for a moratorium on facial surveillance, EPIC advocates for algorithmic transparency and a comprehensive federal data privacy law.

Tags:

Posted by John Davisson on September 30, 2020 8:22 AM | Permalink

Report on Trump Tax Records Reinforces EPIC's Calls for Presidential Tax Return Disclosure

A blockbuster report from the New York Times revealing details of President Trump's tax history underscores the need for transparency of presidential tax returns, which EPIC has repeatedly advocated. The Times reports that the President paid little or no income tax in many years; is due to repay hundreds of millions of dollars in loans in the near term; and that he has "received more money from foreign sources and U.S. interest groups than previously known." The Times also reports that Trump and the Internal Revenue Service reached a tentative agreement in 2014 over a disputed $70 million tax refund—a deal that may have been struck under the IRS's offer in compromise procedures. In EPIC v. IRS II, EPIC is currently litigating for the release of offer in compromise records involving the President and his associated businesses. By law, these records "shall be disclosed to members of the general public." In March, EPIC filed an amicus brief in Trump v. Vance urging the Supreme Court to allow the release of President Trump's tax returns to a New York grand jury. EPIC wrote that the "longstanding practice of disclosing presidential tax returns reflects a central principle of modern democracies: privacy must sometimes yield to accountability." The Court ultimately rejected the President's effort to categorically shield his tax returns from state prosecutors. EPIC also sought public release of President Trump's tax returns in EPIC v. IRS I, arguing that disclosure was necessary to correct numerous factual misstatements made by the President.

Tags:

Posted by John Davisson on September 29, 2020 2:00 PM | Permalink