« February 2021 | Main | April 2021 »

March 2021 Archives

March 2, 2021

AI Commission Report Recommends Key Safeguards, But No Binding Limits on AI Use

The National Security Commission on Artificial Intelligence has issued its final report on the use of AI in national security and defense settings. The report urges Congress and the President to implement key safeguards on federal AI deployment, including mandating AI impact and risk assessments, updating standards for Privacy Act notices and privacy impact assessments, establishing an independent auditor for AI systems, empowering the Privacy and Civil Liberties Oversight Board to conduct AI oversight, and establishing a task force to recommend legal restrictions on the use of AI. However, the report fails to propose any substantive limits on AI use for Congressional enactment, as EPIC urged the Commission to do last year. "Unless express, binding limits on the use of AI are established now, the technology will quickly outpace our collective ability to regulate it," EPIC wrote. "The Commission cannot simply kick the can down the road, particularly when governments, civil society, and private sector actors have already laid extensive groundwork for the regulation of AI." Controversially, the AI Commission's final report also fails to endorse a ban on the use of autonomous weapons. The report was approved at the Commission's final meeting, which was open to the public as a result of EPIC's lawsuit. EPIC successfully sued the AI Commission in order to enforce its transparency obligations, forcing the Commission to hold open meetings and disclose thousands of pages of records. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

Posted by John Davisson on March 2, 2021 3:28 PM |

March 3, 2021

Virginia Governor Signs Consumer Data Protection Act

Virginia Governor Ralph Northam has signed the Virginia Consumer Data Protection Act into law. "It is good to see Virginia and other states taking action to protect the privacy of their residents. States have always played a key role in establishing privacy protections," EPIC Policy Director Caitriona Fitzgerald said. "But in 2021 we need a more comprehensive and proactive approach to privacy than what Virginia adopted. We need privacy laws in the United States that address current business practices and protect individuals from all forms of corporate surveillance, algorithmic unfairness, manipulative design, and discrimination. We need privacy laws that minimize the data collected about us and encourage innovation in privacy enhancing technologies. And we need robust enforcement of these rules to make sure that the underlying business practices actually change."

Tags:

Posted by Caitriona Fitzgerald on March 3, 2021 2:08 PM |

March 8, 2021

EPIC, ACLU, & EFF Push Court to Limit Warrantless Forensic Searches of Cell Phones

EPIC, together with the ACLU and EFF, recently filed an amicus brief in Wisconsin v. Burch, urging the Wisconsin Supreme Court to stop police from conducting warrantless forensic searches of cell phones and indefinitely retaining the data based on vague consent forms. The defendant in the case had verbally consented to a limited search of his text messages during a hit-and-run investigation. Police then asked him to sign a vague consent form that did not specify his phone would be forensically analyzed and the data stored indefinitely. Police used a forensic device to download the entire contents of the phone, retained a full copy, and disclosed data that was outside the scope of his limited verbal consent to another department for use in an unrelated investigation. In their brief, EPIC, ACLU, and EFF argued that someone who consents to a limited search does not reasonably expect police may access, copy, and store vast amounts of personal information held on their phone. These searches violate the Fourth Amendment by “enabl[ing] the State to rummage at will among a person’s most personal and private information whenever it wanted, for as long as it wanted” without a warrant. EPIC regularly files amicus briefs challenging unlawful access to cell phone data.

Tags:

Posted by Melodi Dincer on March 8, 2021 1:43 PM |

March 9, 2021

EPIC to Supreme Court: Congress Allows People to Sue when their Privacy Rights are Violated

EPIC has filed an amicus brief in TransUnion LLC v. Ramirez, urging the U.S. Supreme Court to hold that people can sue when their privacy rights are violated, regardless of whether they allege that the violation led to other harms. The case concerns a suit brought under the Fair Credit Reporting Act (FCRA), one of many laws that create privacy rights for individuals to help them maintain control over their personal information. Ramirez and many others sued after TransUnion violated the FCRA, but the company argued that they don't have "standing" to sue. Other tech companies also filed a brief arguing that the Supreme Court should limit standing in privacy lawsuits. Standing is a constitutional doctrine that dictates when federal courts have authority to resolve cases. EPIC argued that privacy plaintiffs have standing to sue and that "standing was never meant to be a complicated inquiry or a substantial barrier to the vindication of legal rights." EPIC warned that "[c]ourts that require proof of consequential harm are usurping the legislative role and rewriting these privacy laws" because "it is not the business of courts to tell Congress which rights are enforceable, and which are not." EPIC previously filed an amicus brief in Spokeo and frequently files amicus briefs in cases interpreting standing under a variety of privacy laws.

Tags:

Posted by Melodi Dincer on March 9, 2021 9:00 AM |

EPIC Obtains More Internal Emails From AI Commission

EPIC, as part of the open government case EPIC v. AI Commission, has obtained additional records from the National Security Commission on Artificial Intelligence. The documents include further internal emails from Commission chair and former Google CEO Eric Schmidt. The Commission recently issued its final report on the use of AI in national security and defense settings. The report makes key recommendations concerning AI impact assessments and audits but fails to propose substantive limits on AI use for Congressional enactment, as EPIC urged the Commission to do last year. EPIC successfully sued the AI Commission in 2019 to enforce its transparency obligations, forcing the Commission to hold open meetings and disclose thousands of pages of records. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Tags:

Posted by John Davisson on March 9, 2021 1:24 PM |

Supreme Court Limits Public Access to Government Documents

Last week, the Supreme Court held in U.S. Fish & Wildlife Service v. Sierra Club that documents reflecting an agency's last view on a proposed rule are deliberative and exempt from disclosure under FOIA unless the agency treats the documents as final. In her first majority opinion since joining the bench, Justice Barrett interpreted the deliberative process privilege broadly, writing that, although the documents in this case represented "the last word within the [agency]," the documents "were not last because they were final; they were last because they died on the vine." Because the agency never formally finalized the documents or transmitted them in full to the agency that proposed the rule, the documents could be withheld. In its amicus brief, EPIC had urged the Court to narrowly interpret the deliberative process privilege. EPIC warned that a broad interpretation would encourage agencies to "continue to interpret the [privilege] broadly and cause years of delay and unnecessary litigation." EPIC regularly litigates FOIA cases and files amicus briefs on open government issues.

Tags:

Posted by Melodi Dincer on March 9, 2021 2:43 PM |

March 10, 2021

EPIC, Coalition Urge DHS to Rescind CBP's Proposed Biometrics Rulemaking

In a letter to Secretary of Homeland Security Alejandro Mayorkas, EPIC and a coalition of civil rights, civil liberties, immigrant's rights, technology, and privacy organizations urged the agency to rescind a Notice of Proposed Rulemaking massively expanding Customs and Border Protection's (CBP's) use of biometrics, and to suspend the use of facial recognition across DHS. The NPRM was originally issued November 19, 2020 and re-published on February 9, 2021 in a sign that DHS and the Biden Administration intend to go forward with the rulemaking. EPIC submitted comments on the original NPRM, urging CBP to suspend its use of facial recognition, or in the alternative use only 1:1 face comparison. Earlier, EPIC voiced opposition to a broader DHS rulemaking authorizing widespread use of biometrics, including facial recognition, throughout the agency.

Tags:

Posted by EPIC on March 10, 2021 3:20 PM |

March 12, 2021

Security Breach of Surveillance Start-Up Exposes Private Residences, Schools, Companies

Around 150,000 networked and facial recognition-capable security cameras located in hospitals, schools, homes, and prisons were accessed in a security breach of Verkada, a surveillance company. The breach exposed vulnerable populations surveilled by Verkada’s cameras and highlights the degree to which unregulated surveillance and data collection are ubiquitous within the United States. Verkada’s software offerings include facial recognition tools, exacerbating the risks created by its surveillance systems. EPIC, along with a coalition of advocates, warned about similar risks for Amazon’s Ring Doorbell and called for a ban on facial recognition as well as regulation of surveillance and data governance.

Posted by Ben Winters on March 12, 2021 9:46 AM |

March 15, 2021

EPIC Celebrates Sunshine Week With 2021 FOIA Gallery

In celebration of Sunshine Week, EPIC has unveiled the 2021 FOIA Gallery. Since 2001, EPIC has annually published highlights of EPIC's most significant open government cases and documents obtained through government records requests. For example, EPIC's 19-month legal effort in EPIC v. DOJ resulted in the release of new sections from the previously redacted Mueller Report, including details about Roger Stone and passages concerning decisions by Special Counsel Mueller to not charge particular individuals with criminal offenses. EPIC also prevailed twice in EPIC v. AI Commission, in which the court forced the Commission to hold public meetings and disclose thousands of pages of records to EPIC. In this year's FOIA gallery, EPIC also highlights records about DHS's initial response to election cybersecurity threats, a DOJ report on predictive policing and AI, records about contact tracing efforts from North Dakota and Utah, and records about CBP's electronic device border search audits.

Tags:

Posted by EPIC on March 15, 2021 3:35 PM |

March 16, 2021

EPIC Presents Oral Argument in NJ Supreme Court Case on Privacy of Personal Information in Government Records

Yesterday, Megan Iorio, counsel at EPIC, presented oral argument as a friend of the court in Bozzi v. Jersey City, a New Jersey Supreme Court case concerning a commercial open government request for names and addresses of dog license registrants. The lower court found no privacy interest in the information and ordered its release. Ms. Iorio urged the court to reverse and to find that personal information in government records should only be disclosed when a government transparency interest could be served by disclosure. The argument drew on the historic and constitutional origins of the right to informational privacy, federal courts' interpretation of the Freedom of Information Act's privacy exemptions, and New Jersey's strong constitutional right to privacy. EPIC filed an amicus brief in the case and argued before the court last year in State v. Andrews about whether an individual can be compelled to disclose their cell phone passcode.

Tags:

Posted by Melodi Dincer on March 16, 2021 3:16 PM |

California Bans "Dark Patterns" That Subvert CCPA's Opt-out Rights

California Attorney General Xavier Becerra has announced updated regulations under the California Consumer Privacy Act (CCPA) that ban so-called “dark patterns” that delay or obscure the process for opting out of the sale of personal information. Specifically, the regulations prohibit companies from burdening consumers with confusing language or unnecessary steps such as forcing them to click through multiple screens or listen to reasons why they shouldn’t opt out. "These protections ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights," said Attorney General Becerra. Dark patterns "are design features used to deceive, steer, or manipulate users into behavior that is profitable for an online service, but often harmful to users or contrary to their intent." Last month, EPIC filed a complaint with the D.C. Attorney General alleging that Amazon unlawfully employs manipulative "dark patterns" in the Amazon Prime subscription cancellation process. Next month, the FTC plans a workshop on "Bringing Dark Patterns to Light."

Tags:

Posted by Caitriona Fitzgerald on March 16, 2021 9:57 AM |

Records Show FTC Botched Google Antitrust Investigation

The Federal Trade Commission's 2013 failure to sue Google for antitrust violations went against the advice of FTC staff and disregarded evidence of Google's growing market dominance, according to records obtained by Politico. FTC antitrust attorneys advised the Commission to bring suit against Google to block future deals with mobile companies making Google an exclusive search provider. But the Commission rejected that recommendation on the view that mobile search was only a small part of the search market, a conclusion that quickly proved outdated. The records published by Politico also reveal that Amazon and Facebook—both of which are now facing their own antitrust proceedings—privately pushed the FTC to take enforcement action against Google. Google's anticompetitive practices in search and targeted advertising are the basis of two antitrust lawsuits brought by the Department of Justice and state attorneys general last year. On Monday, Texas announced that it would broaden its lawsuit to cover Google's planned replacement for third-party cookies—so-called "FLoCs"—which would do little to protect privacy but further consolidate Google's market power. EPIC has long targeted anticompetitive practices by Google, including its acquisition of DoubleClick and bias in YouTube search rankings. EPIC also helped bring about the FTC's 2011 order establishing privacy safeguards for Google users and sued when Google violated that order.

Tags:

Posted by John Davisson on March 16, 2021 3:03 PM |

March 18, 2021

EPIC Seeks Documents on Protest Monitoring and Advanced Surveillance Technologies from Federally-Funded Fusion Centers

EPIC filed a series of open government requests seeking information on fusion centers' role in monitoring Black Lives Matter protests this summer and on fusion centers' possession of advanced surveillance technologies including location tracking services, cell phone data extraction tools, facial recognition, and social media monitoring tools. EPIC sent requests to federally funded fusion centers in Pennsylvania, South Carolina, Northern California, and North Dakota. Fusion centers are state or regional intelligence units that provide police with access to advanced surveillance technologies while relaying information to the Department of Homeland Security. EPIC previously urged DHS's DPIAC committee to investigate fusion centers and recommend ending federal funding of fusion centers.

Tags:

Posted by EPIC on March 18, 2021 10:40 AM |

March 22, 2021

Wiretapping Claims Against Facebook Move Forward as Supreme Court Denies Review

This week, the U.S. Supreme Court denied a petition for review in In re: Facebook, Inc. Internet Tracking Litigation, a case challenging Facebook's use of "cookies" to track internet browsing activity even when users were logged out of their Facebook accounts. The U.S. Court of Appeals for the Ninth Circuit held that Facebook's use of cookies to track Internet users browsing other websites might violate the federal Wiretap Act because Facebook was not an authorized party to those communications. Facebook's efforts to get the Supreme Court to reject this holding of the Ninth Circuit failed, and now the case will move forward. EPIC filed an amicus brief in the Ninth Circuit in this case and has filed briefs opposing settlements in other cases challenging cookie-based surveillance. EPIC has long advocated against the use of cookies and other surveillance tools to track people online. EPIC continues to advocate for clear rules and restrictions on web tracking as companies replace cookies with new surveillance techniques that would do little to protect privacy online.

Tags:

Posted by Melodi Dincer on March 22, 2021 10:52 AM |

March 24, 2021

Massachusetts Supreme Court Rules Facebook Cannot Shield All Information on Apps that Violated User Privacy

The Massachusetts Supreme Judicial Court ruled today that Facebook could be required to disclose to the Attorney General certain factual information about privacy-abusive apps discovered during the company's investigation into the Cambridge Analytica scandal. Facebook had claimed that all information it collected was protected by attorney-client and attorney work product privileges because the company's investigation was led by attorneys in anticipation of litigation. The Massachusetts high court disagreed that the attorney client privilege applied to all of the records, and remanded to the trial court to determine if the records contain factual work product that must be turned over to the Attorney General. EPIC filed an amicus brief in the case urging the court to "reject Facebook's attempt to use litigation threats as an excuse to prevent the facts of its breach of user trust from coming to light." EPIC has fought for transparency and accountability for Facebook's privacy abuses for over a decade, from filing the original FTC Complaint in 2009 that led to the FTC's 2012 Consent Order with the company, to moving to intervene in and filing an amicus brief challenging the FTC's 2019 settlement with Facebook.

Tags:

Posted by Melodi Dincer on March 24, 2021 12:55 PM |

March 25, 2021

FTC Announces New Rulemaking Group

Acting FTC Chairwoman Rebecca Kelly Slaughter today announced the creation of a new rulemaking group within the FTC. The announcement follows criticism that the FTC has not adequately used its authorities, including its rulemaking power, to address consumer protection harms and promote competition. Section 18 of the FTC Act enables the Commission to issue trade regulation rules to address unfair or deceptive practices that occur commonly. Once the commission has promulgated a trade regulation rule, it may seek civil penalties for each violation of the rule. “I believe that we can and must use our rulemaking authority to deliver effective deterrence for the novel harms of the digital economy and persistent old scams alike,” Acting Chair Slaughter said. EPIC has long urged the FTC to impose clear privacy obligations on companies that collect and use personal data, including by exercising the Commission's underused rulemaking power. In 2020, EPIC filed a petition with the FTC calling on the Commission to conduct a rulemaking on the use of artificial intelligence in commercial settings. "By defining unfair and deceptive practices ex ante, and with specificity, a trade regulation rule would make it easier for the FTC to take action against parties that harm consumers," EPIC explained.

Tags:

Posted by Caitriona Fitzgerald on March 25, 2021 4:33 PM |

March 30, 2021

EPIC, Coalition Urge New York City Council to Enact Comprehensive Ban on Government Use of Facial Recognition

EPIC and a coalition of civil-rights and community-based organizations submitted a letter to New York City Council Speaker Corey Johnson urging the council to introduce a comprehensive ban on government use of facial recognition. The letter highlights NYPD's use of facial recognition along with other NYC agencies, the potential for far-reaching surveillance posed by facial recognition technology, and the risk of errors from racial bias in facial recognition algorithms and poor police practices. EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition, gathered support from over 100 organizations and experts from more than 30 countries.

Tags:

Posted by EPIC on March 30, 2021 11:00 AM |

March 12, 2021

Government Ends the Use of Data from Unaccompanied Children for Deportation

In a joint statement by the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), the agencies terminated a 2018 agreement that previously formalized the practice of using information obtained from unaccompanied migrant children to deport relatives and other potential sponsors. EPIC previously urged HHS to abandon the practice of sending this data to DHS when the agency proposed a rule in 2018 to formalize the policy. EPIC argued the proposed rule conflicted with a Privacy Impact Assessment and undermine the welfare of unaccompanied children. EPIC also joined over 100 other groups to call for an end of the practice, stating that DHS has "taken a process designed to protect children and made it into a tool that uses them to find and deport their families." EPIC has previously warned Congress about the misuse of immigrant data by DHS.

Tags:

Posted by Jeramie D. Scott on March 12, 2021 6:18 PM |

Search


About March 2021

This page contains all entries posted to epic.org in March 2021. They are listed from oldest to newest.

February 2021 is the previous archive.

April 2021 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3