« April 2021 | Main | June 2021 »

May 2021 Archives

May 3, 2021

Massachusetts AG Presses Pharmacies About Collection and Use of Vaccine Patient Data

The Massachusetts Attorney General, following up on a letter from EPIC and a coalition of civil society groups, wrote to major pharmacies today seeking details about their collection and use of personal data from COVID-19 vaccine recipients. The federal government is coordinating with retail pharmacies to facilitate vaccine distribution. But as EPIC and coalition partners warned last month, some pharmacies "are requiring patients seeking access to the vaccine to register through their existing customer portals, which in turn exposes patients to broad personal data collection and marketing." The Massachusetts AG letter calls on pharmacies to explain what personal data they collect from vaccine patients, what disclosures they make, whether the pharmacies will use the data for commercial purposes, and whether the data is being stored separately from general customer information. "[A]ccess to life-saving vaccines should not be conditioned on a consumer's consent to provide personal data not necessary for the vaccination administration," the AG's letter explains. "Nor can consent to such data collection or marketing be presumed based on a consumer's desire to obtain a vaccination." The CDC recently issued a directive prohibiting health providers "from using any data gathered in the course of their participation in the CDC COVID-19 Vaccination Program, including any Protected Health Information or other Personally Identifiable Information, for commercial marketing purposes." EPIC and coalition partners also asked officials in California, Illinois, New York, and the District of Columbia to investigate and prevent pharmacies from putting vaccine patient data to commercial use.

Tags:

Posted by John Davisson on May 3, 2021 1:08 PM |

May 4, 2021

EPIC, Coalition Urge Spotify to Abandon Speech-Recognition Technology

In a letter to Spotify, EPIC and a coalition of over 100 recording artists, 69 non-profit organizations, and 10 prominent individuals urged the streaming service to publicly commit not to explore a newly-patented voice-recognition feature. Spotify's new patent would allow the company to identify individuals' "emotional state, gender, age, or accent" to recommend music. The coalition letter identified major concerns with the potential technology including emotional manipulation, discrimination, massive privacy violations, and increased inequality within the music industry. Spotify recently stated that the company has not implemented the technology, and claims to have "no plans" to do so. EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition gathered support from over 100 organizations and experts from more than 30 countries.

Posted by EPIC on May 4, 2021 1:00 PM |

May 5, 2021

EPIC Obtains 2018 DHS Election Security Briefing with Members of Congress

Through a Freedom of Information Act request to the Department of Homeland Security, EPIC obtained records circulated in a 2018 election security meeting with members of the U.S. House of Representatives. On May 22, 2018, then-DHS Secretary Kirstjen Nielsen, then-Federal Bureau of Investigation Director Christopher Wray, and then-Director of National Intelligence Dan Coats held a classified briefing for members of Congress informing them of the risks to the election process and steps the administration was taking to assist state officials in ensuring election security. The briefing materials include charts on election infrastructure cyber risk scenarios and cybersecurity considerations, as well as compiled anecdotes of the DHS's engagement with state election security officials. These anecdotes highlighted how states have taken efforts to strengthen their election systems for the 2018 mid-term elections, including some states taking up the voluntary election security resources from DHS. EPIC sued the DHS for records about the agency’s assessment of election vulnerabilities following the 2016 presidential election and its ongoing role in protecting election systems as critical infrastructure. The agency released hundreds of pages of records to EPIC about its role in election cybersecurity, with records revealing the agency's rocky initial involvement in election security following its 2017 designation of election infrastructure as critical infrastructure and how far the agency has come since then. The case is EPIC v. DHS, 17-2047 (D.D.C.).

Tags:

Posted by EPIC on May 5, 2021 10:45 AM |

White House Launches Website for National AI Initiative, AI.gov

The White House has launched AI.gov, the new website of the National Artificial Intelligence Initiative Office featuring reports, policy priorities, and news about artificial intelligence from across the federal government. The site lists "Advancing Trustworthy AI" and "International Cooperation" as two of six top priorities for federal AI policy, embracing the Organization for Economic Cooperation and Development AI Principles and the G20 AI Principles. EPIC has urged both the White House and Congress to prioritize human rights over AI adoption and has recommended the OECD Principles and the Universal Guidelines for Artificial Intelligence as baseline frameworks for regulating AI and mitigating algorithmic harms. EPIC has also fought for transparency in AI policymaking, successfully suing the National Security Commission on Artificial Intelligence to enforce its public records and open meetings obligations.

Posted by Ben Winters on May 5, 2021 4:17 PM |

May 7, 2021

EPIC Urges HHS to Prioritize Patient Privacy in Modifications to HIPAA Privacy Rule

In comments to the Health and Human Services Department (HHS), EPIC opposed proposed changes to the HIPAA Privacy Rule reducing restrictions on disclosing patients’ Protected Health Information (PHI). HHS's proposed rule would expand the entities that can receive PHI without patient consent, lower the standard for disclosing PHI in the process of care coordination, and specifically authorized certain non-consensual disclosures of PHI for patients with mental illness and substance abuse disorders. EPIC argued that the modifications will expose patients to greater risk of data breach and increase barriers to receiving care for stigmatized populations without providing benefits to patients. Recently, EPIC Executive Director Alan Butler and Counsel Enid Zhou published a paper in the American University Law Review analyzing the increased collection of health data during the Covid-19 pandemic.

Tags:

Posted by EPIC on May 7, 2021 1:15 PM |

May 11, 2021

Biden Administration Abandons DHS Plans to Expand Biometric Collection

According to a news report, the Biden Administration plans to rescind a proposed rule to massively expand the collection of biometric information from immigrants. The rule, proposed towards the end of the Trump Administration, would have granted the Department of Homeland Security broad authority to collect biometric data from immigrants and their families and associates. The rule would have enabled the collecting of palm prints, iris images, voiceprints, DNA, and images for facial recognition regardless of age. In comments to the Department of Homeland Security, EPIC opposed the rule and urged the agency to rescind the proposed rule. EPIC argued that DHS']s broad authorization to collect biometrics was incompatible with the Department's Fair Information Practice Principle. EPIC also specifically called on the agency to suspend the use of facial recognition technology. Last year, EPIC, joined by over 40 organizations called for the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

Tags:

Posted by Jeramie D. Scott on May 11, 2021 9:53 AM |

State AGs Push Back Against Facebook's Plan to Launch Instagram for Children

More than 40 state attorneys general have sent a letter to Mark Zuckerberg pressuring Facebook to drop its plans to launch a version of Instagram for children younger than 13. The Attorneys General, led by Massachusetts Attorney General Maura Healey, expressed bipartisan support to protect children’s privacy and their physical and mental health. The AGs raised concerns about Facebook’s history of privacy incidents, stating “Facebook has a record of failing to protect the safety and privacy of children on its platform, despite claims that its products have strict privacy controls[.]” The Campaign for a Commercial-Free Childhood commented “If Facebook insists on plowing ahead, it’s the clearest sign yet that the company views itself as accountable to no one, even when it comes to the well-being of children, and must be regulated much more rigorously,” and lawmakers have similarly expressed concerns about children’s privacy issues with social media. EPIC signed on to a coalition letter by the Campaign for a Commercial-free Childhood that urged Zuckerberg to cancel plans to launch a version of Instagram for Children under 13.

Tags:

Posted by Caitriona Fitzgerald on May 11, 2021 1:57 PM |

Lawmakers Call on Facebook to Reverse WhatsApp Terms of Service Update

Today, Congresswoman Lori Trahan (MA-03) led a group of fellow Congressional Hispanic Caucus members in writing a letter calling on Facebook Chairman and CEO Mark Zuckerberg to reverse the company’s decision to require WhatsApp users to accept expanded data collection or leave the platform entirely. “We write to respectfully ask Facebook to consider reversing WhatsApp’s decision to update their new terms of service. We believe Facebook is potentially offering a false choice to users across the globe: accept the sharing of metadata with Facebook by May 15th or leave the platform altogether,” the lawmakers wrote. In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. The FTC responded to EPIC and CDD and told Facebook and WhatsApp that "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook." The FTC letter noted that "hundreds of millions of users have entrusted their personal information to WhatsApp. The FTC staff continue to monitor the companies' practices to ensure that Facebook and WhatsApp honor the promises they have made to those users." In their letter, the members highlight that pledge and the FTC's statement.

Tags:

Posted by Caitriona Fitzgerald on May 11, 2021 2:03 PM |

May 14, 2021

Irish High Court Orders DPC to Move Forward in Facebook Investigation

The Irish High Court today issued an order in a follow-on case to Irish Data Protection Commissioner v. Facebook and Schrems ("Schrems II") and, as a result, the investigation into Facebook's U.S.-EU data transfers will move forward. The case arises from a complaint filed with the DPC in Ireland against Facebook by privacy activist Max Schrems in 2013 alleging that the company violated EU law when it transferred personal data to the U.S. (where the company is obliged to provide access to the government). The case has since been referred two separate times to the highest court in Europe (the CJEU), and has led to the invalidation of both the U.S.-EU Safe Harbor Agreement and the U.S.-EU Privacy Shield Agreement. The CJEU in the Schrems II decision last year remanded the case to the Irish DPC to determine whether Facebook violated the law and whether it was necessary to block Facebook's U.S.-EU data transfers. The DPC later issued a Preliminary Draft Decision to Facebook and laid out procedures for the inquiry. Both Facebook and Schrems challenged the DPC procedures. The DPC agreed in a settlement with Schrems that it would complete the investigation into his original complaint. The Irish High Court today rejected Facebook's challenge to the DPC inquiry, and both the Schrems complaint and this new DPC inquiry against Facebook will move forward. EPIC participated as an amicus curiae in Schrems II, arguing that U.S. Surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad.

Tags:

Posted by Alan Butler on May 14, 2021 11:07 AM |

EPIC Urges DHS Data Privacy Committee to Ensure Meaningful Oversight of Information Sharing Agreements

In comments to the DHS's Data Privacy and Integrity Advisory Committee (DPIAC), EPIC urged a comprehensive review of DHS's Information Sharing Access Agreements (ISAAs) prioritizing the most sensitive types of data, information from marginalized groups, and agreements disclosing information to unreliable partners. EPIC's comments respond to DPIAC's tasking to provide guidance to the DHS Privacy Office after an OIG audit revealed that thousands of ISAAs had never been reviewed for compliance with privacy laws and regulations. EPIC previously urged DPIAC to undertake a comprehensive investigation of fusion centers for chronic privacy and civil liberties abuses.

Tags:

Posted by EPIC on May 14, 2021 11:40 AM |

After EPIC-Led Coalition Letter, DC Area Facial Recognition System Will Shut Down

The Metropolitan Washington Council of Governments (MWCOG) informed EPIC today that the National Capital Region Facial Recognition System (NCR-FRILS) will be shut down by July 1, 2021. The system is used by police departments and government agencies in the DC, Maryland, and Virginia area. EPIC led a coalition that recently sent a letter to the MWCOG demanding an end to the system citing the dangerous nature of facial recognition and racial bias in facial recognition software. A recently passed law in Virginia requiring approval from the General Assembly before using facial recognition was going to curtail NCR-FRILS use in that state. The facial recognition system was first disclosed last year after it was used to identify a protester at a Black Lives Matter rally who was accused of assault.

Tags:

Posted by Jeramie D. Scott on May 14, 2021 4:32 PM |

May 19, 2021

EPIC Student Privacy Project Featured in Kennedy School Casebook

EPIC's Student Privacy Project has been selected for inclusion in the spring 2021 Tech Spotlight Casebook, a publication of the Harvard Kennedy School's Belfer Center for Science and International Affairs. The casebook "recognizes projects and initiatives that demonstrate a commitment to public purpose in the areas of digital, biotech, and future of work." The book highlights EPIC's recent efforts to halt the use of unfair, unreliable, and invasive remote proctoring tools and the D.C. consumer protection complaint EPIC filed against online proctoring firms. "Through meticulous research, the Student Privacy Project revealed the extent to which these companies collect and process student personal and biometric data," the casebook explains. "The complaint attempts to hold the five companies accountable for their practices by demonstrating how the data collection and processing practices may violate existing law." The casebook also recognizes recent work around census privacy protections, community control over police surveillance, racially biased speech recognition tools, and the use of "garbage" facial recognition to identify criminal suspects. A ceremony will be held Thursday, May 20 at 1 p.m. ET.

Tags:

Posted by John Davisson on May 19, 2021 1:35 PM |

May 25, 2021

Top Human Rights Court Rules UK Mass Surveillance Program Violated Privacy Rights

This week, the grand chamber of the European Court of Human Rights issued a final judgement in Big Brother Watch v. UK confirming that the UK's intelligence agency violated the right to privacy by systematically intercepting online communications without first applying necessary safeguards. The agency's mass surveillance program was "not in accordance with [EU] law," which only allows governments to retain data in an effort to combat "serious crime" and requires a court or administrative body to sign off on data collection. The UK law at issue was not limited to serious crime, nor did it require independent authorization; these "fundamental deficiencies" impermissibly increased the "risk of the bulk interception power being abused." Nevertheless, the grand chamber found that the agency's decision to operate a bulk interception program did not itself violate human rights, and the agency's sharing of sensitive digital intelligence with foreign counterparts--including with the NSA--was legal. Several chamber judges believed this ruling did not go far enough to condemn the sharing of wrongfully collected communications with other countries, noting the chamber "missed an excellent opportunity to fully uphold the importance of private life ... when faced with interference in the form of mass surveillance." EPIC has a strong interest in protecting the human right to privacy and has continuously opposed suspicionless mass collection of personal communications by domestic and foreign governments. EPIC participated in this case as a third-party intervenor and filed a brief describing U.S. intelligence authorities that allow the NSA to access the private communications of non-U.S. persons in violation of their rights. EPIC was also chosen by the Irish High Court to make amicus submissions in a case involving the international transfer of data from European servers to the U.S. in violation of E.U. law.

Tags:

Posted by Melodi Dincer on May 25, 2021 11:16 AM |

EPIC Seeks Privacy Impact Assessment for Postal Service Covert Surveillance Program

EPIC, through a Freedom of Information Act request and letter to the USPS Privacy Office, is seeking the required Privacy Impact Assessment for the Internet Covert Operations Program (iCOP) operated by the U.S. Postal Inspection Service. First revealed by Yahoo News in April, the iCOP uses Clearview AI's facial recognition system and a suite of social media monitoring tools to surveil individuals online, including protesters. EPIC also urged the USPS Privacy Office to fully comply with the E-Government Act of 2002 by proactively publishing privacy impact assessments online. EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition has gathered support from over 100 organizations and experts from more than 30 countries.

Tags:

Posted by EPIC on May 25, 2021 12:35 PM |

D.C. Attorney General Files Antitrust Suit Against Amazon

D.C. Attorney General Karl Racine filed a lawsuit today against Amazon alleging that the online retail giant has violated the District of Columbia Antitrust Act. The complaint accuses Amazon of stifling competition by imposing contractual clauses that prevent third-party sellers from offering lower prices outside of the Amazon platform. The lawsuit explains that the agreements ultimately lead to higher prices for consumers and less innovation. “Amazon wins because it controls pricing across the online retail sales market, putting itself at an advantage over everyone else,” Racine told reporters. “These restrictions allow Amazon to build and maintain monopoly power.” In February, EPIC filed a complaint with the D.C. Attorney General alleging that Amazon unlawfully employs dark patterns to manipulate consumers when they attempt to cancel their Amazon Prime subscriptions. These dark patterns enable Amazon to continue collecting subscription fees and retain the personal data of misdirected subscribers. EPIC also signed onto a recent coalition letter calling for the Federal Trade Commission to investigate Amazon’s use of dark patterns in the Prime cancellation process. EPIC has long argued that anticompetitive practices and market consolidation in the technology sector pose a threat to privacy rights.

Tags:

Posted by Sara Geoghegan on May 25, 2021 4:18 PM |

May 27, 2021

Senator Markey, Rep. Matsui Introduce Bill to Increase Transparency and Decrease Discrimination in Algorithms

Senator Ed Markey (MA) and Representative Doris Matsui (CA) introduced the Algorithmic Justice and Online Transparency Act of 2021 today. The bill prohibits discrimination based on protected classes for algorithmic processes on online platforms, requires online platform companies to create and maintain documentation about their algorithms for review by the FTC, and sets out a standard for what safe and effective algorithmic processes would be. The bill also calls for the creation of an inter-agency task force to investigate discriminatory algorithmic processes including the Federal Trade Commission, Department of Housing and Urban Development, Department of Education, Department of Justice, and the Department of Commerce. EPIC endorses the bill, and has been advocating for Algorithmic Transparency and Equity, specifically urging state, federal, and international governments to regulate harmful AI guided by the Universal Guidelines for AI. Last year, EPIC petitioned the FTC to establish a rule making regulating algorithmic tools in order to address discrimination.

Tags:

Posted by Caitriona Fitzgerald on May 27, 2021 5:38 PM |

May 28, 2021

Schumer Bill Would Dramatically Increase AI Funding but Fails to Propose AI Safeguards

The U.S. Innovation and Competition Act introduced recently by Senate Majority Leader Chuck Schumer would earmark $53 billion for technological and AI development yet fails to include critical safeguards for federal AI deployment. One section of the bill, the Endless Frontier Act, would significantly increase National Science Foundation funding to expand research and improve the diversity of the STEM workforce. The bill would also allocate funds for analyzing and combatting human rights violations in China and promoting "American Leadership" in AI development. Another section of the bill, the Advancing American AI Act, would incrementally improve the transparency and accountability of government AI use. The Office of Management and Budget would be tasked with ensuring that federal contracts for AI systems address "privacy, civil rights, and civil liberties," and each agency would be required to assemble and publish (when "practicable") an inventory of its AI systems. However, the bill—much of which tracks recommendations by the NSCAI—fails to establish binding limitations on federal AI use and offers little protection for members of the public injured by government-operated AI systems. EPIC previously urged the Commission to recommend substantive limits on AI to protect individuals against harmful, biased, invasive, and unreliable AI systems.

Tags:

Posted by John Davisson on May 28, 2021 1:16 PM |

Search


About May 2021

This page contains all entries posted to epic.org in May 2021. They are listed from oldest to newest.

April 2021 is the previous archive.

June 2021 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3