« May 2021 | Main | July 2021 »

June 2021 Archives

June 1, 2021

Facebook Backs Down from Forced WhatsApp Privacy Changes

WhatsApp previously threatened sanctions against users who would not accept the company’s new terms of use with weaker privacy protections, but backed down late Friday after a coalition of groups from around the world protested. Burcu Kilic, digital rights program director for Public Citizen, released the following statement in response: “Thank you for stopping what you never should have started. Now please also undo what you coerced millions of people into accepting.” In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook routinelyincorporates user data from companies it acquires and that WhatsApp users objected to the acquisition. The FTC approved the merger but told EPIC and CDD that "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook."

Tags:

Posted by Caitriona Fitzgerald on June 1, 2021 3:14 PM |

June 2, 2021

King County, WA Bans Local Government Use of Facial Recognition

An ordinance passed in King County, Washington bans "any person or entity acting on behalf of a King County administrative office or executive department" fromusing facial recognition technology or information derived from it. The ban includes the King County Sheriffs Department. Seattle's King County is the first county in the nation to ban government use of facial recognition technology. EPIC recently sought records on the US Postal Service's Internet Covert Operations Program use of Clearview AI facial recognition and other surveillance software. EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition has gathered support from over 100 organizations and experts from more than 30 countries.

Tags:

Posted by EPIC on June 2, 2021 12:05 PM |

June 3, 2021

EPIC, Coalition Call for Ban on Law Enforcement Use of Facial Recognition

In a statement of concerns, EPIC and a coalition of more than 40 privacy, civil liberties, immigrants rights, and good government groups stated that "the most comprehensive approach to addressing the harms of face recognition would be to entirely cease its use by law enforcement." The statement lists six concerns with police use of the technology that can only be addressed by halting its use. The coalition calls for a moratorium or ban on use of facial recognition and urges Congress to not preempt state or local bans in any federal legislation addressing facial recognition. EPIC recently organized a coalition letter that led to the shutdown of a DC-area facial recognition system previously used on Black Lives Matter protesters. EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition has gathered support from over 100 organizations and experts from more than 30 countries.

Tags:

Posted by EPIC on June 3, 2021 10:15 AM |

Supreme Court Rules Officer's Improper Access to License Plate Record Does Not Violate Computer Crimes Law

In today’s decision in Van Buren v. United States, the Supreme Court determined that a police officer who improperly accessed a license plate record could not be held liable under a federal computer crimes law, the Computer Fraud and Abuse Act. EPIC highlighted the serious privacy concerns with government employees’ improper access to sensitive personal information in government databases in the amicus brief we filed in this case, and several justices echoes these concerns during oral argument. The outcome of this case highlights the urgent need for comprehensive privacy legislation. We need enforceable rules to prevent improper access to and misuse of personal information contained in both government and private databases.

The Court also did not resolve what it means for someone to have “authorization” to access a computer or to be “entitled” to access information in the computer. The Court endorsed a general “gates-up-or-down approach”—meaning an individual either has authorization to access the computer or specific information within the computer or it does not—but explicitly left open the question whether the prohibitions on access must be technical or whether they can be contract-based. The range of criminalized activities may, in some respects, still be much broader than even the Government was advocating. Certain website terms of service that prohibit specific individuals or groups from accessing the website may still be enforceable even if the individuals have no knowledge of the restrictions and the website owners do nothing else to limit access. An 18 year-old who accesses a website restricted to those over the age of 21 may violate the CFAA, but a police officer who knowingly accesses personal information to stalk and harass the individual does not.

The Court also did not clearly answer more complicated access questions about web scraping, and the Court should grant the pending petition in LinkedIn v. hiQ Labs to resolve these questions. Web scraping involves accessing a computer using a technical method that is often prohibited by a website's terms of service and also blocked using technical barriers. EPIC filed an amicus brief in support of the petition.

Tags:

Posted by Megan Iorio on June 3, 2021 12:52 PM |

Washington Post Calls for Federal Moratorium on Facial Recognition

The Washington Post Editorial Board called on Congress to impose a nationwide moratorium on facial recognition technology until it can pass legislation requiring technical and legal safeguards for the use of the technology. The Post cited the recent shutdown of a DC-area facial recognition system after an EPIC-led coalition organized against the system. In 2019, EPIC launched the Ban Face Surveillance campaign and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. An EPIC-led coalition urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. EPIC has joined with other organizations to oppose school administrators' use of facial recognition, urge President Biden to halt the federal use of facial recognition, and press Congress to stop the use and investment in facial recognition. Most recently, EPIC joined over 40 other organizations to detail the issues with cops using facial recognition and call for a law enforcement ban on the technology's use.

Tags:

Posted by Jeramie D. Scott on June 3, 2021 5:52 PM |

June 4, 2021

Federal Court Upholds Settlement Requiring Equifax to Pay for Data Breach Affecting Millions

The Eleventh Circuit recently ruled that the $425 million class action settlement arising from the 2017 Equifax data breach, which compromised the personal data of nearly half of all Americans, should move forward. The district court previously approved the settlement in 2020, but it has been stayed pending the appeal. The settlement was supported, by various government agencies including the CFPB, the FTC, and 48 state Attorneys General, but several class members raised objections about the adequacy of the relief. The Eleventh Circuit rejected those objections, and now the settlement will move forward in the lower court. Meanwhile, a related $575 million settlement entered into by Equifax and the FTC, CFPB, and most state Attorneys General in 2019 will allow people affected by the breach to file a claim for expenses occurred between January 2020 and January 2024 as a result of identity theft or fraud related to the breach; people can also be compensated for up to 20 hours of time spent on recovering from the breach. Equifax was also required to pay $125 for each person who claimed they were wronged by the breach, but the company has so far failed to do so. This was one of the largest data breaches in history, and it has revealed the dire need to improve data security in the United States.

Posted by Melodi Dincer on June 4, 2021 9:44 AM |

June 7, 2021

EPIC, Coalition Call for Global Ban on Biometric Recognition Technologies

In an open letter, EPIC and a coalition of more than 175 civil society organizations, activists, technologists, and other experts called "for an outright ban on uses of facial recognition and remote biometric recognition technologies that enable mass surveillance and discriminatory targeted surveillance." The letter urges lawmakers around the world to stop public investment in facial recognition, prohibit government and private use of facial recognition in public spaces, and mandate disclosure and reparations to individuals monitored or harmed by biometric mass surveillance systems. The letter identifies one-to-many facial recognition identification (comparing an image to a gallery of identified images) as inherently dangerous to the public because the databases of images enable discriminatory targeted surveillance and the technology itself enables comprehensive public surveillance. EPIC began pushing for a ban in 2019 with the launch of the Ban Face Surveillance campaign and recently joined over 40 other organizations to call for a ban on U.S. law enforcement's use of facial recognition technology.

Tags:

Posted by EPIC on June 7, 2021 2:40 PM |

EPIC Tells Court Not to Weaken Enforcement of Illinois Biometric Privacy Law

EPIC has filed an amicus brief in Cothron v. White Castle, a case about when violations of Illinois's Biometric Information Privacy Act ("BIPA") can be vindicated in court. Cothron alleges that White Castle collected and disclosed her fingerprints for a decade in violation of BIPA. White Castle is trying to scuttle the case, claiming that an individual is only able to sue the first time a company violates their BIPA rights because it is only then that an individual "loses control" of their biometric data and suffers a legal injury. White Castle argues that, even if the company continued to violate BIPA to this day, they shouldn't be held liable because the first violation was long enough ago that it falls outside the statute of limitations. But the Illinois Supreme Court held in Rosenbach v. Six Flags that every violation of BIPA confers the right to sue. The district court accordingly rejected White Castle's argument, but certified the question to a federal appeals court. EPIC filed an amicus brief in the appeals court and argued that White Castle's proposed rule would effectively "overrule the Illinois Supreme Court on a question of state law" by attempting "to import arguments about Article III standing into the BIPA statutory injury analysis." EPIC also argued that White Castle is "mistaken about the underlying purpose of BIPA" and that White Castle's rule "would in fact undermine BIPA’s purposes" because it "would remove the key incentive for companies who previously violated BIPA to come into compliance, adopt responsible biometric data practices, and seek informed consent." EPIC has filed amicus briefs in other BIPA cases, including Rosenbach v. Six Flags and Patel v. Facebook, and regularly participates as amicus in cases concerning the right to sue for privacy violations.

Tags:

Posted by Megan Iorio on June 7, 2021 4:21 PM |

June 10, 2021

EPIC, Coalition Tell Biden Administration: No Data Flows Deal Until Congress Enacts Privacy Laws

EPIC and 23 other leading civil society groups sent a letter to President Biden today urging his Administration to ensure that any new transatlantic data transfer deal is coupled with the enactment of U.S. laws that reform government surveillance practices and provide comprehensive privacy protections. “The United States’ failure to ensure meaningful privacy protections for personal data is the reason that a growing number of countries are concerned about trans-border data flows,” the groups wrote. “Until the United States addresses this problem, concerns about data transfers to the United States will remain, and data flow agreements are likely to be invalidated.” In 2015, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor agreement. And in July 2020, the successor agreement, Privacy Shield, was also invalidated by the same court. [PRESS RELEASE]

Tags:

Posted by Caitriona Fitzgerald on June 10, 2021 8:00 AM |

After Meeting with EPIC, DC Council Chairman Seeks More Information About DC-Area Facial Recognition System

In a DC Council Hearing (video starts at 13:22), Chairman Phil Mendelson asked Metropolitan Washington Council of Government's (MWCOG's) Executive Director Chuck Bean for more information on the soon to be shuttered DC-area facial recognition system. The Chairman's questions were prompted by a meeting with EPIC in which EPIC staff pushed for more disclosures on the MWCOG's role in the creation of a secret facial recognition system used to surveil Black Lives Matter protesters last year. Recently, EPIC joined over 40 other organizations to detail the issues with cops using facial recognition and call for a law enforcement ban on the technology's use.

Tags:

Posted by EPIC on June 10, 2021 10:20 AM |

Canadian Privacy Commissioner Finds RCMP Use of Clearview AI Facial Recognition Violated Canada's Privacy Act

In a report to Parliament the Canadian Privacy Commissioner concluded that the Royal Canadian Mounted Police (RMCP) violated the Canadian Privacy Act by using Clearview AI's facial recognition project. The Commissioner's report follows a February 2021 investigative report that Clearview AI violated Canada's Personal Information Protection and Electronic Documents Act by scraping images off social media sites to create a facial recognition database so that "billions of people essentially found themselves in a '24/7' police line-up." Recently, in an open letter EPIC and a coalition of more than 175 civil society organizations and prominent individuals called for "an outright ban on uses of facial recognition and remote biometric recognition technologies that enable mass surveillance and discriminatory targeted surveillance."

Tags:

Posted by EPIC on June 10, 2021 12:20 PM |

June 14, 2021

Supreme Court Sends Web Scraping Case Back to Lower Court

The U.S. Supreme Court has vacated the Ninth Circuit's decision in LinkedIn v. hiQ Labs but will not decide the merits of the case, instead sending the case back to the Ninth Circuit for a new decision in light of Van Buren v. United States. EPIC had filed an amicus brief in support of the Petition for Certiorari. The LinkedIn v. hiQ petition asked whether hiQ lacked authorization to access LinkedIn's servers under the Computer Fraud and Abuse Act after LinkedIn used a combination of technical and verbal methods to cut off hiQ's access to the website to stop the company from scraping user data. hiQ sued LinkedIn to regain access to the website, arguing that its business model depended on access to LinkedIn user data. A district court granted hiQ's request for an injunction, which LinkedIn appealed. EPIC filed an amicus brief in the Ninth Circuit arguing that the injunction was "contrary to the interests of individual LinkedIn users" and contrary to the public interest "because it undermines the principles of modern privacy and data protection law." The Ninth Circuit upheld the injunction, finding that hiQ's economic interests outweighed the interests in protecting users' personal information. In its amicus brief in support of LinkedIn's petition for cert, EPIC explained that the Ninth Circuit's decision "makes it impossible" for companies to protect personal data and sets "a dangerous precedent that could threaten the privacy of user data." The EPIC amicus brief highlighted the business practices of Clearview AI, a company that scraped billions of photographs to create a secretive facial recognition system. The case will most likely be sent back to the district court for a new decision that accords with Van Buren v. United States.

Tags:

Posted by Megan Iorio on June 14, 2021 11:29 AM |

June 15, 2021

Updated: Lina Khan Named Chair of Federal Trade Commission

Lina Khan was confirmed to the Federal Trade Commission by the U.S. Senate and named chair of the Commission by President Biden today. Khan received bipartisan support, with senators voting 69-28 in support of her confirmation. Khan is an expert on antitrust enforcement and served as counsel to House Antitrust Subcommittee Chairman David Cicilline during the Subcommittee's groundbreaking investigation last year. She has written extensively on the problems of concentrated power in the context of digital markets and said during her confirmation hearing that "I worry that some of these companies may think it's just worth the cost of business to actually violate privacy law." EPIC has long argued that the FTC is not doing its job to protect privacy and that the U.S. needs a Data Protection Agency. "Commissioner Khan has a tremendous opportunity as Chair to transform the FTC at a moment where anticompetitive and invasive business practices have proliferated," said Alan Butler, Executive Director of the Electronic Privacy Information Center (EPIC). "Large tech companies have increasingly infiltrated our lives to the most minute level, and it will take a keen and aggressive regulator to ensure that these powerful entities don't monopolize our markets and our data."

Tags:

Posted by Caitriona Fitzgerald on June 15, 2021 2:30 PM |

Senator Markey Introduces Bill to Ban Face Surveillance

Senator Edward J. Markey (D-Mass.), along with Senators Merkley, Sanders, Warren, and Wyden, as well as Congresswomen Jayapal, Pressley, and Tlaib today introduced legislation to stop government use of biometric surveillance, including facial recognition tools. The Facial Recognition and Biometric Technology Moratorium Act prohibits the use of facial recognition and other biometric technologies by federal agencies, including Customs and Border Protection. "Facial recognition poses a significant threat to our democracy and privacy," said Caitriona Fitzgerald, Deputy Director, Electronic Privacy Information Center (EPIC). "Facial recognition technology has been shown time and time again to be biased, inaccurate, and disproportionately harmful to people of color. The Facial Recognition and Biometric Technology Moratorium Act of 2021 would effectively ban law enforcement use of this dangerous technology. EPIC is proud to support it.” EPIC leads a campaign to Ban Face Surveillance and through the Public Voice Coalition has gathered support from over 100 organizations and experts from more than 30 countries. Recently, in an open letter EPIC and a coalition of more than 175 civil society organizations and prominent individuals called for "an outright ban on uses of facial recognition and remote biometric recognition technologies that enable mass surveillance and discriminatory targeted surveillance."

Tags:

Posted by Caitriona Fitzgerald on June 15, 2021 3:12 PM |

June 16, 2021

EPIC Releases Report on FTC's Unused Statutory Authorities

EPIC has released a report highlighting numerous statutory authorities that the Federal Trade Commission has failed to use to safeguard privacy. The report, What the FTC Could Be Doing (But Isn't) to Protect Privacy, identifies untapped or underused powers in the FTC's toolbox and explains how the FTC should deploy them to protect the public from abusive data practices. EPIC's report also criticizes the FTC's lack of effective privacy enforcement over the past two decades. "A common refrain from the Commission during this period is that it lacks the authority to address these mounting threats to individual privacy," the report explains. "But the FTC has not made full use of the authorities that it already has." The report comes a day after Lina Khan was confirmed to the FTC and named chairwoman of the Commission. EPIC has frequently challenged the FTC over its failure to address consumer privacy harms and has long advocated for the creation of a U.S. Data Protection Agency. EPIC also supports legislation that would restore the FTC's 13(b) authority to obtain restitution for individuals harmed by companies’ unlawful trade practices, which the Supreme Court recently curtailed in AMG Capital Management v. Federal Trade Commission.

Tags:

Posted by John Davisson on June 16, 2021 9:21 AM |

June 17, 2021

BREAKING: Sen. Gillibrand Introduces U.S. Data Protection Agency Bill

Senator Kirsten Gillibrand (D-NY) has introduced the Data Protection Act of 2021 which would create an independent Data Protection Agency in the United States to safeguard the personal data of Americans. EPIC, many leading consumer and civil rights organizations, privacy experts, and scholars support Senator Gillibrand's non-partisan bill. "It’s time for America to catch up with the rest of the world and create a Data Protection Agency," said Caitriona Fitzgerald, EPIC Deputy Director. "Congress’ ongoing failure to modernize our privacy laws imposes enormous costs on individuals, communities, and American businesses alike. We need a new approach. Senator Gillibrand’s Data Protection Act creates an agency dedicated to safeguarding the personal data of individuals and ensuring that data practices are fair and non-discriminatory. The Data Protection Act is the game-changing proposal we need in order to ensure adequate oversight over what has become a massive sector of our economy and affects the daily lives of all Americans. EPIC urges Congress to enact the Data Protection Act." EPIC has long advocated for the creation of a U.S. Data Protection Agency, arguing that the Federal Trade Commission is an ineffective agency, lacking basic competence for privacy protection. [Bill text] [Sen. Gillibrand Press Release]

Tags:

Posted by Caitriona Fitzgerald on June 17, 2021 11:20 AM |

Data Flow Deal Talks Fail Due to Lack of US Action on Privacy

The agreement on transatlantic cooperation reached by U.S. and EU leaders this week did not include the political agreement the White House was hoping for on transatlantic data deals. Last week, EPIC and 23 other leading civil society groups sent a letter to President Biden urging his Administration to ensure that any new transatlantic data transfer deal is coupled with the enactment of U.S. laws that reform government surveillance practices and provide comprehensive privacy protections. “The United States’ failure to ensure meaningful privacy protections for personal data is the reason that a growing number of countries are concerned about trans-border data flows,” the groups wrote. “Until the United States addresses this problem, concerns about data transfers to the United States will remain, and data flow agreements are likely to be invalidated.” In 2015, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor agreement. And in July 2020, the successor agreement, Privacy Shield, was also invalidated by the same court.

Tags:

Posted by Caitriona Fitzgerald on June 17, 2021 4:16 PM |

June 18, 2021

EPIC, Coalition Calls for Surveillance Reforms in Response to DOJ Surveillance of Congress and Reporters

In a coalition letter, EPIC and more than twenty civil society groups called for reforms to surveillance statutes authorizing collection of sensitive information and gag orders. The letter follows recent revelations that the Department of Justice spied on members of Congress and the press by collecting their communications and issued gag orders to hide that surveillance. The coalition also called for a thorough investigation by Congress and the DOJ. EPIC recently endorsed a bill to stop government use of facial recognition and other biometric surveillance tools.

Tags:

Posted by EPIC on June 18, 2021 9:50 AM |

EPIC Asks D.C. Circuit to Review Decision Endorsing Secrecy of Drone Advisory Committee Working Groups

EPIC has petitioned the full D.C. Circuit Court of Appeals to reverse a recent decision by a three-judge panel allowing the FAA's Drone Advisory Committee to conduct much of its work in secret. EPIC filed suit in 2018 against the industry-dominated Committee, which consistently ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records under the Federal Advisory Committee Act. But the lower court ruled that the Committee did not need to disclose records from its secretive subcommittees—a decision that divided panel of the D.C. Circuit affirmed in April. Circuit Judge Robert L. Wilkins, writing in dissent, accused the majority of "doing violence to the text" of the FACA and argued that the decision "undermines FACA's purpose and greenlights an easily abusable system[.]" EPIC's petition highlights ways in which the panel's opinion conflicts with past D.C. Circuit decisions and warns that the ruling gives federal agencies "a legal roadmap to evade the public scrutiny that Congress intended FACA to provide. " The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.).

Tags:

Posted by John Davisson on June 18, 2021 12:41 PM |

June 21, 2021

European Data Protection Authorities Issue Joint Call for Ban on Facial Recognition Across the EU

In a joint opinion regarding the European Commission's Proposal for Regulation on artificial intelligence, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) called for a ban on the use of "AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination." Europe's two main data protection authorities also critiqued the European Commission for failing to include international law enforcement efforts in the proposed regulations. The joint opinion is the latest in an increasing chorus of calls for a ban on facial recognition. EPIC has joined a number of coalitions urging a ban on facial recognition including: an international letter opposing the technology, a statement of concerns on police use of FR, and EPIC's Ban Face Surveillance campaign. EPIC recently endorsed legislation that would ban federal law enforcement use of facial recognition and pressure state law enforcement to do the same.

Tags:

Posted by EPIC on June 21, 2021 1:05 PM |

In EPIC Suit, DOJ Identifies 182 Location Data Requests in District of Rhode Island from 2016-2019

As part of EPIC's ongoing lawsuit for cell phone surveillance orders issued by federal prosecutors, the Department of Justice identified 182 orders and warrants for cell phone location data under ยง 2703(d) from the U.S. Attorney's Office for the District of Rhode Island from 2016-2019. During the same time period, the office handled 453 criminal cases. The District of Rhode Island is one of the smallest districts in the country. EPIC has previously obtained the number of location data requests for the District of Delaware and the Virgin Islands, two of the five districts that the DOJ has agreed to search for location data requests. EPIC is awaiting responses from two of the agency's other prosecutor's offices and will continue to update its comparative table as remaining districts release more information. Currently, prosecutors do not release any comprehensive or uniform data about their surveillance of cell phone location data. In 2018, the U.S. Supreme Court ruled in Carpenter v. United States that the collection of cell phone location data without a warrant is a violation of the Fourth Amendment. The case is EPIC v. DOJ, No. 18-1814 (D.D.C.).

Tags:

Posted by EPIC on June 21, 2021 2:20 PM |

June 23, 2021

House Judiciary Considering Antitrust Reform Bills

The House Judiciary Committee is today holding a markup session on six bills aimed at disrupting the monopoly power of Big Tech. EPIC has long argued that market consolidation in online platform threatens privacy. More than a decade ago, EPIC urged the FTC to block Google’s proposed acquisition of DoubleClick. EPIC said that the acquisition would enable Google to collect the personal information of billions of users and track their browsing activities across the web. EPIC correctly warned that this acquisition would accelerate Google’s dominance of the online advertising industry and diminish competition. The FTC ultimately allowed the merger to go forward. EPIC has since repeatedly warned FTC that other mergers posed similar risks to consumer privacy and competition, including Facebook's acquisition of WhatsApp.

Tags:

Posted by Caitriona Fitzgerald on June 23, 2021 3:59 PM |

June 24, 2021

4th Circuit Rules That Baltimore Warrantless Aerial Surveillance Program Violates Fourth Amendment

The en banc 4th Circuit ruled today that Baltimore's warrantless aerial surveillance program violates the Fourth Amendment because it "enables police to deduce from the whole of individuals' movements[.]" The Aerial Investigation Research program was a public-private partnership with Persistent Surveillance Systems that flew several surveillance planes above Baltimore, capturing detailed video of 32 square miles of the city per second. Using the AIR pilot program, Baltimore Police were able to track individual movements throughout the city for up to 12 hours a day. The pilot program was not renewed at the end of its 6-month term last year. EPIC joined an amicus brief in the case, arguing that under Carpenter v. United States the Baltimore Police Department's ability to track individuals with at least 45 days of flight video augmented by automated license plate reader systems constituted a search. EPIC previously filed an amicus brief in Carpenter v. United States and has long fought to limit drone surveillance and other forms of aerial spying.

Tags:

Posted by EPIC on June 24, 2021 4:50 PM |

June 25, 2021

Supreme Court Limits Standing to Sue in Credit Reporting Case

The U.S. Supreme Court issued a decision today in TransUnion LLC v. Ramirez, an important case about the ability of individuals to bring privacy cases in federal court. The Court, in a controversial 5-4 decision authored by Justice Kavanaugh, held that proof of "concrete harm" is required to establish standing to sue under Article III of the U.S. Constitution. The jury in this case found that TransUnion had willfully violated the Fair Credit Reporting Act (FCRA) when it falsely flagged the credit reports of thousands of individuals for being "Specially Designated Nationals" under the Office of Foreign Asset Controls list that includes terrorists, drug trafficers, and other sanctioned individuals. The Supreme Court held that the group of individuals who could prove that these false credit reports had been disclosed to third parties had standing to sue, but the group who did not provide evidence that their reports had been disclosed did not meet the burden under Article III.

This decision will have significant implications for individuals seeking redress in federal court for privacy violations that do not involve the improper disclosure of personal information. EPIC filed an amicus brief in TransUnion, urging the Court to hold that people can sue when their privacy rights are violated, regardless of whether they allege that the violation led to other harms. Justice Thomas, joined by three other members of the Court, agreed and would have ruled that standing exists in any case brought by an individual to vindicate a violation of their private rights. EPIC's Executive Director, Alan Butler, said that "the Supreme Court's decision in TransUnion does not close the door on all privacy claims, but it certainly makes it more difficult for individuals to seek redress in privacy cases that don't involve improper disclosure of information." EPIC previously filed an amicus briefs on this issue with the Supreme Court in Spokeo v. Robbins and frequently files amicus briefs in cases interpreting standing under a variety of privacy laws.

Continue reading "Supreme Court Limits Standing to Sue in Credit Reporting Case" »

Tags:

Posted by Alan Butler on June 25, 2021 3:00 PM |

June 28, 2021

Court Dismisses Facebook Antitrust Suits, But Says FTC Case Could Be Revived

A federal court in Washington, D.C. has dismissed a pair of antitrust lawsuits brought against Facebook by the Federal Trade Commission and 48 state attorneys general—but left open the possibility that the FTC could revive its case. The lawsuits allege that Facebook has illegally stifled competition to maintain its social networking monopoly, driving down "the quality and variety of privacy options" available to users (among other harms). But Judge James E. Boasberg ruled that the FTC and attorneys general had waited too long to challenge aspects of Facebook's Instagram and WhatsApp acquisitions, and that the FTC had failed to adequately define the social networking "market" in which Facebook exercises monopoly power. Judge Boasberg noted that the FTC may be able to correct the second issue in an amended complaint and move forward with its case. EPIC has long urged the Federal Trade Commission to block or unwind Facebook's acquisitions of Instagram and WhatsApp. In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. Despite these problems, the FTC allowed the merger to go forward.

Tags:

Posted by John Davisson on June 28, 2021 4:18 PM |

June 29, 2021

EPIC Signs on to Protect Encryption in the Brazilian Code of Criminal Procedure Updates

EPIC has joined other members of the Global Encryption Coalition in a letter urging Brazil to address proposed updates to the Brazilian Code of Criminal Procedure that would threaten encryption and data security in Brazil. The text as it stands could force companies using strong security protections - such as end-to-end encryption - to introduce security flaws into their systems to be used as backdoors for law enforcement. Such measures endanger users and encourage exploitation of these weaknesses. EPIC led the effort in the United States in the 1990s to support strong encryption tools and played a key role in the development of the international framework for cryptography policy that favored the deployment of strong security measures to safeguard personal information. EPIC also filed an amicus brief in Apple v. FBI in support of encryption.

Tags:

Posted by Caitriona Fitzgerald on June 29, 2021 2:07 PM |

GAO Finds Widespread Use of Facial Recognition Without Adequate Privacy Protections

In a report, the Government Accountability Office found that 13 federal law enforcement agencies are unable to track employees use of facial recognition services and reported that 20 agencies use some form of facial recognition. Eight agencies own systems while 17 agencies used a system outside the agency in the last two years. The report found that 10 agencies used Clearview AI and 5 used its competitor Vigilant Systems. The GAO also reported that most federal law enforcement agencies were unable to comply with Privacy Act and E-Government Act requirements because the agencies do not track employee use of outside facial recognition systems. EPIC has an ongoing lawsuit under the Freedom of Information Act seeking documents on Immigration and Customs Enforcement's use of Clearview AI and other facial recognition services. Recently, EPIC joined over 40 other organizations to detail the issues with law enforcement’s use facial recognition and call for a law enforcement ban on the technology's use.

Tags:

Posted by Jeramie D. Scott on June 29, 2021 2:39 PM |

Wisconsin Supreme Court Refuses to Limit Warrantless Forensic Searches of Cell Phones

The Wisconsin Supreme Court issued an opinion in Wisconsin v. Burch finding that cell phone data downloaded with a forensic device can be used in a subsequent, unrelated investigation and trial regardless of whether the data was initially obtained without a warrant in violation of the Fourth Amendment. A police department used a forensic device to download the entire contents of the defendant's phone while investigating a hit-and-run and retained a full copy indefinitely. The sheriff's office later accessed and searched the copy during an unrelated homicide investigation and used the defendant's cell phone data as evidence during his trial. The Wisconsin Supreme Court refused to decide the constitutional question. Instead, the Court found that the evidence should not be excluded because the police "acted by the book" and there was no conduct to deter with exclusion. The Court said that the sheriff's office "ha[d] every reason to think [the downloaded data] was lawfully obtained" and found there was no police misconduct because it is "common police practice to share records with other agencies." Dissenting from this holding, Judge Bradley, along with two other justices of the court, recognized that law enforcement "generally needs a warrant to search the data [cell phones] hold." She added that the exclusionary rule should apply in this case because "excluding evidence obtained by following such an unlawful and widespread policy provides significant societal value by both specifically deterring continued adherence to an unconstitutional practice and more broadly incentivizing police agencies to adopt policies in line with the Fourth Amendment." EPIC, along with the ACLU and EFF, filed an amicus brief in the case that argued that the unchecked use of forensic devices to download, store, and share cell data violated the Fourth Amendment by "enabl[ing] the State to rummage at will among a person's most personal and private information whenever it wanted, for as long as it wanted" without a warrant. EPIC regularly files amicus briefs challenging unlawful access to cell phone data.

Tags:

Posted by Melodi Dincer on June 29, 2021 3:04 PM |

June 30, 2021

Maine Becomes First State to Enact Statewide Ban on Face Surveillance

The Maine Legislature has enacted the country's strongest statewide facial recognition law. Maine's new law prohibits public officials and public employees at the state, county and municipal levels from possessing and using facial recognition technology, with extremely limited exceptions. The Maine law includes a private right of action, meaning that individuals may bring a lawsuit if they believe a government agency or official has violated the law. EPIC Board Member Shoshana Zuboff testified in support of the legislation. "An individual’s ability to control access to his or her identity and personal information, including determining when, how, and to what purpose these are revealed, is an essential aspect of personal security and privacy guaranteed by the Bill of Rights," Professor Zuboff said. "The use of facial recognition technology erodes that ability." EPIC has joined a number of coalitions urging a ban on facial recognition including: an international letter opposing the technology, a statement of concerns on police use of FR, and EPIC's Ban Face Surveillance campaign. EPIC recently endorsed legislation that would ban federal law enforcement use of facial recognition and pressure state law enforcement to do the same.

Continue reading "Maine Becomes First State to Enact Statewide Ban on Face Surveillance" »

Tags:

Posted by Caitriona Fitzgerald on June 30, 2021 2:35 PM |

Search


About June 2021

This page contains all entries posted to epic.org in June 2021. They are listed from oldest to newest.

May 2021 is the previous archive.

July 2021 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3