« December 2020 | Main | February 2021 »

January 2021 Archives

January 6, 2021

FAA Announces Final Rule for Remote Drone ID

The Federal Aviation Administration posted the agency's final rule for remote drone identification. The final rule will require all drones to broadcast drone ID information in real-time, eliminating the option in the proposed rule to forgo real-time broadcast and only submit drone ID information for retention by a third party. EPIC previously commented on the FAA's proposed rule, urging the FAA to require all drones to provide real-time public access to drone ID information. In 2015, EPIC argued that drones should be required to broadcast relevant information to the public while in operation.

Tags:

Posted by EPIC on January 6, 2021 3:15 PM |

January 11, 2021

Supreme Court to Decide Whether the First Amendment Protects Donor Privacy

The Supreme Court has granted review in Americans for Prosperity v. Becerra to decide whether the First Amendment protects donors to charities from compulsory disclosure of their identifying information. A California law requires charitable organizations to identify donors who contribute above a certain amount annually in a form filed with the state. Americans for Prosperity and other charitable organizations challenged the law, arguing that the reporting requirement violates First Amendment rights to speech and association. The Ninth Circuit ruled that the law did not violate the First Amendment. EPIC filed an amicus brief in the Ninth Circuit, arguing that donor privacy is an important tradition and that, contrary to California's assurances, the data was at risk of public disclosure. EPIC frequently files briefs in First Amendment cases, including several before the Supreme Court.

Posted by Melodi Dincer on January 11, 2021 11:50 AM |

New Petition Urges Supreme Court to Ensure Fifth Amendment Protections for Cell Phone Passcodes

The American Civil Liberties Union and the Electronic Frontier Foundation have asked the U.S. Supreme Court to reverse the New Jersey Supreme Court's decision in State v. Andrews, which allows the government to compel an individual to disclose their cell phone passcodes. EPIC filed an amicus brief in Andrews and presented oral argument to the New Jersey Supreme Court arguing that the vast troves of data stored in a cell phone require strong constitutional protections. State supreme courts have disagreed about the extent to which individuals are protected from compelled disclosure of their cell phone passcode. Some courts, like New Jersey and Massachusetts, have applied the "foregone conclusion" exception to require individuals to divulge their passcodes. Others, like Pennsylvania and Indiana, have refused to apply that exception and found that the Constitution protects against compelled disclosure of cell phone passcodes.

Posted by Melodi Dincer on January 11, 2021 12:33 PM |

FTC Orders Photo App to Delete Algorithms Built on Personal Data

The Federal Trade Commission has reached a settlement with Everalbum, Inc., a California-based developer of a photo storage app, over allegations that it deceived consumers about its use of facial recognition technology and its retention of the photos and videos of users who deactivated their accounts. The proposed order requires the company to delete the facial recognition technologies it illegally developed using user photos and videos. According to the FTC complaint, Everalbum represented that it would not apply facial recognition technology to users’ content unless users affirmatively chose to activate the feature. But the company allowed some Ever app users—those located in Illinois, Texas, and Washington state —to choose whether to turn on the face recognition feature, even though it was automatically active for all other users and could not be turned off. Commissioner Rohit Chopra noted in an accompanying statement that residents of those states were afforded stronger protections because their legislatures had passed laws regulating facial recognition and biometric identifiers. Everalbum's differential treatment of users illustrates why Congress must ensure that any proposed federal privacy law sets a baseline for the country while protecting the ability of states to enact stronger privacy laws.

Tags:

Posted by Caitriona Fitzgerald on January 11, 2021 2:47 PM |

January 12, 2021

Civil Society Groups Urge EU to Prohibit Certain Red-Line Uses of AI

European Digital Rights (EDRi), along with 61 civil society groups including EPIC, sent a letter today calling for the EU to introduce certain red lines in their upcoming European Commission proposal on Artificial Intelligence. The letter calls on the EU to prohibit the use of biometric mass surveillance, AI at the border, use of AI with social scoring, and use of predictive policing and other AI criminal risk assessment tools. "Without regulatory limits on the use of AI-based technologies," the letter says, "we face the risk of violations of our rights and freedoms by government and companies alike." EPIC has called for a moratorium on the use of face surveillance, and maintains resources on AI in the criminal justice system.

Tags:

Posted by Caitriona Fitzgerald on January 12, 2021 3:53 PM |

HireVue, Facing FTC Complaint From EPIC, Halts Use of Facial Recognition

HireVue, a major vendor of AI-based hiring tools, announced today that it will stop relying on "facial analysis" to assess job candidates. The move comes a year after EPIC filed a Federal Trade Commission complaint targeting HireVue's use of opaque algorithms and facial recognition. EPIC argued that HireVue's AI tools—which the company claimed could measure the "cognitive ability," "psychological traits," "emotional intelligence," and "social aptitudes" of job candidates—were unproven, invasive, and prone to bias. EPIC also highlighted HireVue's deceptive claim that it did not use facial recognition in its assessments. In announcing the change, HireVue acknowledged the public outcry over its use of facial analysis and said the technology "wasn't worth the concern." However, HireVue will continue to analyze biometric data from job applicants including speech, intonation, and behavior—all of which present similar privacy and discrimination risks. EPIC advocates for a moratorium on facial recognition and recently filed a complaint with the D.C. Attorney General explaining how online test proctoring companies use opaque, unreliable AI tools to monitor students.

Tags:

Posted by John Davisson on January 12, 2021 4:31 PM |

January 13, 2021

EPIC Urges DHS to Suspend New Counterintelligence Records System

EPIC submitted comments to the Department of Homeland Security in response to a system of records notice and proposed exemptions from Privacy Act requirements for a new counterintelligence records system. DHS's proposed records system would permit nearly limitless collection of sensitive personal information and unchecked disclosure of that information to state, local and international agencies, and to private companies. DHS's proposed exemptions would eliminate all individual rights under the Privacy Act and exempt DHS from basic Privacy Act requirements, including limiting data collection to necessary information. EPIC recently insisted that DHS rescind a proposed expansion of the use of biometrics, including facial recognition, across the agency.

Tags:

Posted by EPIC on January 13, 2021 5:10 PM |

January 14, 2021

Google Closes Fitbit Acquisition While DOJ's Review of Merger Continues

Today, Google announced that it "completed its acquisition of Fitbit" in a $2.1 billion deal, even though the Department of Justice has not yet approved the merger. DOJ said that its investigation into the deal remains ongoing, and "[a]lthough the division has not reached a final decision about whether to pursue an enforcement action, the division continues to investigate whether Google's acquisition of Fitbit may harm competition and consumers in the United States." The announcement comes after Google gained EU antitrust approval for its Fitbit bid last month subject to limits on how it will use consumers' data, including pledging to not use Fitbit data for advertising purposes in Europe. EPIC has long opposed Google's acquisition of Fitbit, citing concerns about Google's history of data protection and privacy violations. In November 2019, EPIC told the House Judiciary Committee that the FTC should block the acquisition. EPIC brought the 2012 case against the FTC for the agency's failure to enforce the 2011 consent order against Google after the company consolidated user data across multiple services.

Tags:

Posted by Caitriona Fitzgerald on January 14, 2021 7:30 PM |

January 15, 2021

FAA Publishes Final Rule for Operating Drones Over People

The Federal Aviation Administration published the final rule for the operation of drones over people. The rule allows drones to operate over people without first obtaining a waiver to do so. The drone must meet certain requirements (e.g. the drone can't have exposed rotating blades), and the rule doesn't generally allow sustained flight over large gatherings of people outside. EPIC, in comments to the agency, argued that all drones operating over people should broadcast identifying information. In response to comments by EPIC and others, the FAA's final rule prohibits the operation of drones over "open-air assemblies" unless the drone meets the broadcast ID requirement that takes effect in September 2023. Through lawsuits and previous comments to the FAA, EPIC has repeatedly argued the FAA has an obligation to implement privacy safeguards for drones before they operate regularly over people.

Posted by Jeramie D. Scott on January 15, 2021 5:33 PM |

January 20, 2021

New Massachusetts Law Protects Personal Transit Data From Warrantless Searches

The Massachusetts Legislature has enacted a new law that prevents Massachusetts transit authorities from disclosing personal information related to individuals' transit system use for non-transit purposes and requires police obtain a search warrant before accessing personal data collected by the authorities. The law resolves many of the issues raised in Commonwealth v. Zachery, a case pending before the Massachusetts Supreme Judicial Court in which the government obtained, without a warrant, location data generated by the defendant's use of a Massachusetts Bay Transit Authority transit card. EPIC filed an amicus brief in the case. EPIC argued that disclosure of data collected by the transit authority should be limited to the purposes for which it was collected. EPIC further stated that "if the government seeks to access Charlie Card data for investigative purposes, it must do so with a warrant." The new law adopts both the disclosure limitation and warrant requirement that EPIC advocated for in its amicus brief to the Court.

Tags:

Posted by Melodi Dincer on January 20, 2021 10:11 AM |

EPIC to Washington Legislature: Pass Commonsense AI Regulation

EPIC Equal Justice Works Fellow Ben Winters testified today before the Washington Legislature in support of a bill to establish transparency and accountability around state automated decision-making and ban certain dangerous applications of AI. Under SB5116, public and regularly updated algorithmic accountability reports of state uses of automated decision-making systems will be completed, AI-enabled profiling that produces significant legal effects will be prohibited, and other baseline protections will be enacted. EPIC has advocated for algorithmic transparency for several years, has issued calls to ban face surveillance, and tracks use of AI in the Criminal Justice System.

Tags:

Posted by Caitriona Fitzgerald on January 20, 2021 1:30 PM |

EPIC Obtains Internal AI Commission Emails From Schmidt, Others

EPIC, as part of the open government case EPIC v. AI Commission, has obtained additional records from the National Security Commission on Artificial Intelligence. The documents include emails from Commission chair and former Google CEO Eric Schmidt illustrating Schmidt’s close relationship with members of Congress. The records also reveal that the ethics disclosure form Schmidt filed with the Commission—a document that usually tops out at a dozen pages—was 38 pages long. EPIC’s FOIA request was recently highlighted in an American Prospect article on Schmidt’s role in Rebellion Defense, “a shadowy defense startup” that markets AI systems to the Defense Department. EPIC has twice prevailed in its open government case against the AI Commission, forcing the Commission to hold public meetings and disclose thousands of pages of records. In recent comments, EPIC called on the AI Commission to "advise Congress, as the nation's highest policymaking authority, to establish government-wide principles and safeguards for the use and development of AI." The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

Posted by John Davisson on January 20, 2021 5:28 PM |

January 13, 2021

National Artificial Intelligence Initiative Office Announced

The National Artificial Intelligence Initiative Office, created as part of the National Artificial Intelligence Initiative Act of 2020, was recently announced by the White House. According to the Act, the office will act as a point of contact for various federal artificial intelligence activities, conduct regular outreach about AI, and “promote access to and early adoption of the technologies, innovations, [and] lessons learned.” EPIC has recently submitted comments to the Office of Management and Budget and the National Security Commission on Artificial Intelligence advising the agencies to follow the Universal Guidelines for AI and push for actionable legal rights to protect against algorithmic harms.

Tags:

Posted by John Davisson on January 13, 2021 12:58 PM |

January 15, 2021

WhatsApp Policy Change Highlights Privacy Risks EPIC Warned of in Facebook Acquisition

Recently unveiled changes to WhatsApp's terms of service highlight the privacy and legal objections has EPIC long raised to Facebook's 2014 acquisition of the messaging platform. In early January, WhatsApp introduced a revision to its privacy policy that seemed to require app users to share extensive personal data with Facebook—an apparent violation of the privacy protections that originally fueled WhatsApp's growth. The policy change drove many WhatsApp users to turn to other secure messaging platforms including Signal and Telegram. WhatsApp later delayed the revision of its terms of service by several months and argued that the change only affected "business communication," but the episode underscores the dangers of a company built on the exploitation of personal data acquiring a company that has made explicit privacy commitments to its users. In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook routinely incorporates user data from companies it acquires and that WhatsApp users objected to the acquisition. The FTC approved the merger but told EPIC and CDD that "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook."

Tags:

Posted by John Davisson on January 15, 2021 1:48 PM |

January 22, 2021

European Parliament Guidelines Call for Moratorium on Facial Recognition

In a report released on January 20, the European Parliament outlines the need for new legal frameworks for artificial intelligence and biometric surveillance. The report raises objections to both civilian and military uses of artificial intelligence, mass surveillance, and deepfakes. The European Parliament was particularly concerned with facial recognition technology, proposing a moratorium on its use in public and semi-public spaces. EPIC leads a campaign to Ban Face Surveillance through the Public Voice coalition.

Tags:

Posted by EPIC on January 22, 2021 2:15 PM |

January 27, 2021

EPIC to Maryland Legislators: Enact Biometric Privacy Law

EPIC Senior Counsel Jeramie Scott testified today to Senate and House Committees of the Maryland General Assembly in support of legislation protecting biometric information privacy. HB218 and SB16 are modeled after the Illinois Biometric Information Privacy Act (BIPA). Passed in 2008, BIPA has been referred to as one of the most effective and important privacy laws in America. "Unlike a password or account number, a person’s biometrics cannot be changed if they are compromised," EPIC told the Committees. EPIC stressed the importance of strong enforcement measures in privacy laws, particularly a private right of action. EPIC also submitted a recent case study on the Illinois law written by EPIC Advisory Board member Woody Hartzog. EPIC previously filed an amicus brief in Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. [Watch the hearing]

Continue reading "EPIC to Maryland Legislators: Enact Biometric Privacy Law" »

Tags:

Posted by Caitriona Fitzgerald on January 27, 2021 1:34 PM |

January 28, 2021

EPIC Gives International Privacy Award to Justice K.S. Puttaswamy (Retd.) and Shyam Divan

EPIC presented the 2021 International Privacy Champion Awards this week to Justice K.S. Puttaswamy, retired Justice of the Kamataka High Court and lead plaintiff in the case that established the constitutional right to privacy in India and challenged the country’s mandatory biometric data collection program Aadhaar, and Senior Advocate Shyam Divan, who was the lead attorney on the case. EPIC Interim Executive Director Alan Butler emphasized the significance of the Puttaswamy case, noting that it “was groundbreaking in ways that will reverberate for decades to come.” The decision supports the recognition of privacy as a fundamental human right, and the case forced limits on the collection of biometric data in the world’s second largest country. The ceremony took place online at the annual conference on Computers, Privacy, and Data Protection.

Posted by Caitriona Fitzgerald on January 28, 2021 6:00 PM |

Hamburg DPA Deems Clearview AI's Biometric Photo database Illegal, Orders a Partial Deletion of Profile

The Hamburg Data Protection Authority has ruled that Clearview AI’s searchable database of biometric profiles is illegal under the EU’s GDPR and ordered the U.S. company to delete the claimant’s biometric profile. Clearview AI scrapes photos from websites to create a searchable database of biometric profiles. The database, which is marketed to private companies and U.S. law enforcement, contains over 3 billion images gathered from websites and social media. The claimant submitted a complaint to the Hamburg DPA after discovering that Clearview AI had added his biometric profile to the searchable database without his knowledge or consent. The DPA ordered Clearview to delete the mathematical hash values representing his profile but did not order Clearview to delete his captured photos. The DPA’s narrow order protects only the individual complainant because it is not a pan-European order banning the collection of any EU resident’s photos. The DPA decided that Clearview AI must comply with the GDPR, yet this narrow order places a burden on Europeans to have their profiles removed from the database. EPIC has long opposed systems like Clearview AI, filing an amicus brief before the 9th Circuit defending an individual's right to sue companies who violate BIPA and other privacy laws, submitting FOIA requests with several government agencies that use Clearview AI technology, and urgingthe Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

Posted by Caitriona Fitzgerald on January 28, 2021 1:37 PM |

Search


About January 2021

This page contains all entries posted to epic.org in January 2021. They are listed from oldest to newest.

December 2020 is the previous archive.

February 2021 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3