Previous Top News: 2010
- Social Security Protection Act of 2010 Becomes Law
President Obama signed a bill aimed at reducing identity theft by limiting the Government's use of and access to social security numbers. The bill, which passed the House and Senate, prohibits government agencies from printing social security numbers on checks and from allowing prison inmates access to social security numbers. "Social Security numbers are among Americans' most valuable but vulnerable assets," said Sen. Feinstein, a sponsor of the bill. "Identity theft is a serious concern for all consumers, and we should make every effort to protect personal information." EPIC has testified many times before Congress on the need to safeguard the SSN, including House hearings in 2000, 2001, 2006, 2007 and EPIC has also litigated important cases on SSN privacy. For more information, see EPIC: Social Security Numbers, EPIC: Identity Theft, and EPIC: Doe v. Chao. (Dec. 23, 2010) - President Signs "Truth in Caller ID" Bill
President Obama signed the "Truth in Caller ID Act," banning the transmission of misleading or inaccurate caller ID information "with the intent to defraud, cause harm, or wrongfully obtain anything of value." This change will affect "any real time voice communications service, regardless of the technology or network utilized." EPIC recommended this intent requirement in testimony before the House in 2006 and 2007, and before the Senate in 2007, so that Privacy Enhancing Techniques (PETs) would not be criminalized. For more information, see EPIC: Caller ID. (Dec. 23, 2010) - Gallup Poll Shows Public Opposed to Online Tracking
A new Gallup poll reveals that 67% of U.S. Internet users do not believe advertisers should "be allowed to match ads to your specific interests based on websites you have visited." Even when confronted with the idea that these targeted ads could keep costs down for users, 61% of those polled said these tracking techniques are "not worth the invasion of privacy involved." These results indicate that the public may support a Do Not Track mechanism, which the Federal Trade Commission recommended establishing in its privacy report. EPIC submitted a statement to Congress saying that an effective Do Not Track initiative must ensure that a consumer's decision to opt-out is "enforceable, persistent, transparent, and simple." For more information, see EPIC: Online Tracking and Behavioral Profiling. (Dec. 22, 2010) - Oral Argument Set in EPIC Lawsuit to Suspend Airport Body Scanners
The United States Court of Appeals for the District of Columbia Circuit has scheduled oral argument in EPIC's case, No. 10-1157, against the Department of Homeland Security. The court set a March 10, 2011 date for the parties to present oral argument before the Court. EPIC filed suit against the Department of Homeland Security to suspend the body scanner program because it is "unlawful, invasive, and ineffective." In its opening brief, EPIC argued that the federal agency has violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, the Video Voyeurism Prevention Act, and the Fourth Amendment. For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology. (Dec. 21, 2010) - Delaware Court Strikes Down Warrantless GPS Tracking
The Delaware Superior Court has ruled that police must obtain a warrant before using GPS devices to monitor vehicles. The Court said that the Delaware Constitution protects its citizens' reasonable expectation of privacy from "constant surveillance." "Everyone understands there is a possibility that on any one occasion or even multiple occasions, they may be observed by a member of the public or possibly law enforcement," the Court reasoned, "but there is not such an expectation that an omnipresent force is watching your every move." In a related case, the Massachusetts Supreme Court held that a warrant is required for the use of a GPS tracking device. EPIC filed an amicus brief in that case. For more information, see EPIC: Commonwealth v. Connolly and EPIC: Locational Privacy. (Dec. 17, 2010) - Court of Appeals Requires Warrant for Access to Location Data
The Third Circuit Court of Appeals affirmed an earlier decision that the government cannot seize historical cell-site data without first satisfying strict warrant requirements. The data identifies the location of the towers nearest to a mobile phone user at the beginning and end of each call, often logged over more than a year's time. A Pennsylvania magistrate required "probable cause" for access to a suspect's cell-site data. When the government appealed, the Third Circuit upheld the magistrate judge's decision. After the government's second appeal for a rehearing, the Third Circuit has once again upheld the requirement for a higher showing. For more information, see EPIC: Wiretapping and EPIC: Locational Privacy. (Dec. 17, 2010) - Federal Appeals Court Finds A "Reasonable Expectation of Privacy" in Email
The Sixth Circuit Court of Appeals has ruled that the Constitution establishes greater protections for stored email than is set out in federal laws. In Warshak v. United States, the government compelled an internet service provider to reveal 27,000 emails without securing a warrant or giving notice to the customer, Steven Warshak. The Court held that the seizure violated Warshak's Fourth Amendment rights. In response to the Government's assertions that its actions were based on the Stored Communications Act, the Court responded "to the extent that the SCA purports to permit the government to obtain such emails warrantlessly, the SCA is unconstitutional." The Sixth Circuit joins the First Circuit in finding that email is subject to strong protections under electronic privacy laws. EPIC joined a group of civil liberties organizations and Professor Orin Kerr to submit a "Friend of the Court" brief in U.S. v. Councilman, a First Circuit case concerning email and the Wiretap Act. A separate amicus brief in Councilman from leading technology experts explained that privacy protection is "critical for electronic mail." For more information, see EPIC: Wiretapping. (Dec. 17, 2010) - EPIC Reminds DHS that "Fusion Centers" are Subject to the Federal Privacy Act
EPIC has submitted comments [1], [2] to two departments in the Department of Homeland Security concerning the establishment of federal "fusion centers" that would contained detailed personal information on US citizens. The Department of Homeland Security is seeking to exempt these databases from key protections in the Privacy Act. EPIC said that the Department must comply with Privacy Act requirements. The Media Freedom and Information Access Practicum Information Society Project at Yale Law Law School has also submitted comments on the DHS plan. For more information, see EPIC: Information Fusion Centers and Privacy, EPIC: Total Information Awareness, and EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill). (Dec. 16, 2010) - Commerce Department Releases Data Privacy Report
The Department of Commerce Internet Policy Task Force released a Green Paper on "Commercial Data privacy and Innovation in the Internet Economy: A Dynamic Policy Framework." The report calls for the adoption of Fair Information Practices (FIPs), the development of privacy codes of conducts, and the creation of a privacy office in the Department of Commerce. But theCommerce report stops short of a legislative proposal and an independent privacy agency. Oddly, the report cites the 1990s "Safe Harbor" Arrangement as a successful policy initiative. EPIC has routinely advocated the adoption of FIPs as the basis for strong privacy laws and has recommended the establishment of a federal privacy agency. (Dec. 16, 2010) - Google Violated New Zealand Privacy Law
The New Zealand Privacy Commissioner found that Google violated New Zealand privacy law when its Street View vehicles collected data, including the content of personal emails, from wireless routers located in private homes and businesses. The Privacy Commissioner said that Google "breached our privacy law when it collected the content of people's communications." Several countries, including the U.K., Germany, Spain, and Canada, have conducted similar investigations and determined that Google violated their privacy laws. In the U.S., the Federal Communications Commission opened an investigation after EPIC filed a complaint, asking the Commission to investigate possible violations of federal wiretap law and the Communications Act. For more information, see EPIC: Google Street View. (Dec. 15, 2010) - Vermont Urges Supreme Court to Overturn Second Circuit's Medical Privacy Decision
The State of Vermont has petitioned the Supreme Court to review a Court of Appeals decision striking down the state's prescription confidentiality law. The law regulates data mining companies that sell or use doctors' prescribing records containing personal information on patients. EPIC had filed a "friend of the court" brief in support of the law. The decision, issued by the Second Circuit, diverged significantly with two previous decisions upholding similar laws in the First Circuit. Vermont's brief emphasized the importance of consistency across state boundaries, listing twenty six other states considering proposed prescription confidentiality laws. The Vermont Attorney General wrote, "As the ability to amass volumes of information about prospective customers - including health care providers - grows, States and other regulators need guidance as to the scope of their ability to allow individual Americans to control access to and use of their information." For more information, see EPIC: IMS Health v. Sorrell and EPIC: IMS Health v. Ayotte. (Dec. 14, 2010) - Study: TSA Whole Body Scanners Ineffective at Detecting Explosives
Evidence mounts that TSA’s whole-body scanners are not designed to detect powdered explosives or other low-density materials that pose a threat to airline safety. Leon Kaufman and Joseph W. Carlson’s new study finds that “Even if exposure were to be increased significantly, normal anatomy would make a dangerous amount of plastic explosives with tapered edges difficult, if not impossible to detect.” Kaufman and Carlson’s study examined the imaging and device specifications of the backscatter machines to estimate the penetration and exposure to the body from the x-ray beam and the machines’ sensitivity to contraband. The authors’ study also echoes concerns about the health risks associated with the backscatter devices. EPIC has filed a lawsuit against the Department of Homeland Security to suspend the body scanner program because it is "unlawful, invasive, and ineffective." For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology. (Dec. 14, 2010) - United Nations Marks International Human Rights Day 2010
December 10 marks the United Nation's annual International Human Rights Day, which celebrates the signing of the Universal Declaration of Human Rights. The Declaration sets forth universal privacy rights in Article 12 and rights to freedom of expression in Article 19. The Declaration's importance and influence is recognized in the U.S. State Department's annual Human Rights Reports. In 2009, the Public Voice published the Madrid Privacy Declaration, which affirmed these international rights to privacy and free and open expression. You can find more information and resources through the U.N. Dag Hammarskjöld Library's Human Rights Day page. (Dec. 10, 2010) - EPIC Advises Congress on Do Not Track Proposal
EPIC submitted a statement to the House Energy and Commerce Committee, following a hearing on "Do Not Track Legislation: Is Now the Right Time?" Congress is considering proposals that would enable users to opt-out of third-party web tracking, including behavioral advertising. EPIC recommended that Congress review the lessons learned from the history of the Do Not Call List and the Telephone Consumer Protection Act. EPIC said that an effective Do Not Track initiative must ensure that a consumer’s decision to opt-out is "enforceable, persistent, transparent, and simple." For more information, see: EPIC: Online Tracking and Behavioral Advertising. (Dec. 10, 2010) - Connecticut Attorney General Demands Google Street View Data
Connecticut Attorney General, and Senator-elect, Richard Blumenthal issued a "civil investigative demand," similar to a subpoena, for access to the data Google's Street View cars collected from homes and businesses in Connecticut. "Google's story changed," Blumenthal said, "first claiming only fragments were collected, then acknowledging entire emails." Google's purposeful and secretive collection of wifi data occurred in thirty countries over a three-year period, and several countries are investigating. The data sought by the Connecticut AG could provide evidence of illegal activity in the United States. The Federal Communications Commission has also opened an investigation after EPIC filed a complaint, asking the Commission to investigate Google's possible violations of federal wiretap law and the U.S. Communications Act. For more information, see EPIC: Google Street View. (Dec. 10, 2010) - Court Finalizes Briefing Schedule in EPIC v. DHS Body Scanner Case
The United States Court of Appeals for the District of Columbia Circuit has finalized a briefing schedule in EPIC's case, No. 10-1157, against the Department of Homeland Security. The court has set a December 23, 2010 deadline for the agency's brief and a January 6, 2011 deadline for EPIC's reply. Final briefs will be due on January 27, 2011. EPIC has filed suit against the Department of Homeland Security to suspend the body scanner program because it is "unlawful, invasive, and ineffective." In its opening brief, EPIC argued that the federal agency has violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, the Video Voyeurism Prevention Act, and the Fourth Amendment. For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology. (Dec. 9, 2010) - EPIC Urges Investigation of White House FOIA Review Policy
In a letter (Appendix 1-6, 7-12, 13-18)sent today to the FOIA Ombudsman, EPIC recommended an investigation of the Department of Homeland Security’s policy of referring FOIA requests to political appointees in the White House. Under the DHS policy, political appointees receive detailed information about the identity of FOIA requesters and the topics of their requests. This policy is contrary to federal law and Supreme Court holdings, as the FOIA does not permit agencies to select FOIA requests for political scrutiny. The release of over 1,000 agency documents reveals a persistent agency practice of flagging FOIA requests from EPIC and other organizations for referral to political appointees. For related information see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010. (Dec. 8, 2010) - Public Comments Sought on Federal "Fusion Centers"
The National Protection and Programs Directorate (NPPD) [1] [2] and the Office of Operations [1] [2] at the Department of Homeland Security are seeking comments on Fusion centers, intelligence databases that have raised substantial privacy concerns. Information in fusion centers comes from many sources, including government agencies, private sector firms and anonymous tipsters. EPIC has urged Congress to improve accountability and oversight of this program. An EPIC FOIA lawsuit also revealed that federal Fusion Centers undermine state privacy and open government laws. Comments are due December 15, 2010. For More Information, see EPIC: Information Fusion Centers and Privacy, EPIC: Total Information Awareness, and EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill). (Dec. 3, 2010) - Federal Trade Commission Recommends Do Not Track, Privacy by Design, and Short Privacy Notices
The Federal Trade Commission released a preliminary staff report on privacy, following a series of public roundtable discussions. The report recommends the establishment of a Do Not Track mechanism, the adoption of a "privacy by design" techniques, and the use of simplified consumer privacy notices. However, the FTC report did not address the privacy implications of cloud computing and social networking, the need for a US privacy agency, or a comprehensive federal privacy law based on "Fair Information Practices," as privacy groups had urged. For more information, see EPIC: Federal Trade Commission. (Dec. 2, 2010) - European Union Opens Anti-Trust Investigation of Google
The European Commission announced it is investigating Google for potential anti-trust violations. The Commission decided to initiate formal proceedings against Google after complaints from search-service providers "about unfavorable treatment of their services in Google's unpaid and sponsored search results coupled with an alleged preferential placement of Google's own services." EPIC previously filed a complaint with the Federal Trade Commission regarding Google’s proposed merger with the advertising company DoubleClick and its implications for consumer privacy. EPIC Executive Director Marc Rotenberg also testified in Congress during the review of this merger, urging the Federal Trade Commission to establish privacy safeguards as a condition of the merger. When the Agency approved the merger without any conditions, EPIC charged that the Agency had "reason to act, and authority to act, but failed to do so." For more information, see EPIC: Google DoubleClick. (Dec. 1, 2010) - Federal Trade Commission Acts Late and Ineffectively on EPIC Complaint Regarding Echometrix
The Federal Trade Commission announced a settlement of its charges against Echometrix, over one year after EPIC filed a complaint in this matter. Echometrix is a software company that sold "parental control software" that collected data on children using the Internet for marketing purposes. Under the settlement with the Agency, Echometrix agreed not to share any data and to destroy the information it had collected in its marketing database, but was not required to pay any fines. EPIC's complaint to the Agency highlighted several aspects of Echometrix products that threatened consumer privacy, and alleged that Echometrix had engaged in unfair and deceptive trade practices and violated the Children's Online Privacy Protection Act. In contrast to the Federal Trade Commission, the Defense Department quickly canceled a contract with Echometrix following EPIC's complaint, and the New York Attorney General filed charges against the company, which resulted in Echometrix paying a $100,000 penalty to the state of New York. For more information, see EPIC: Echometrix. (Nov. 30, 2010) - European Data Protection Supervisor Endorses Commission Strategy for Strong and Effective Data Protection
During a press conference, Peter Hustinx, the European Data Protection Supervisor, discussed the future of the EU legal framework for data protection and supported the recent EU Commission strategy to strengthen EU data protection rules. The European Commission communication proposes to "protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU." The key goals include strengthening the rights of individuals, enhancing the free flow of information, extending privacy safeguards to police and criminal justice records systems, ensuring high levels of protection for data transferred outside of the European Union, and more effective enforcement of privacy rules. For more information, see EPIC - EU Data Protection Directive. (Nov. 29, 2010) - Federal Appeals Court Overturns Vermont Medical Privacy Law
The Second Circuit Court of appeals has ruled that a Vermont privacy law violates the First Amendment. The law regulated data mining companies that sell or use doctors' prescribing records containing personal information on patients. EPIC, and several privacy technology experts, had filed a "friend of the court" brief in support of the law. Writing in dissent and siding with EPIC, Judge Debra Ann Livingston said that the majority reached the "wrong result," creating "precedent likely to have pernicious broader effects" on medical privacy case law. A similar medical privacy law was upheld by the First Circuit Court of Appeals. For more information, see EPIC: IMS Health v. Sorrell and EPIC: IMS Health v. Ayotte (Nov. 29, 2010) - Google Seeks to Patent Scheme to Use Street View Data to Identify Internet Users
In a pending patent application, Google describes its plans for using wireless data, some captured by its Street View vehicles, to identify and link users to their geographical location. In the application, Google explains how it would verify a user's identity by sending the user a "challenge" based on the user's geographic location. Wi-Fi data collection is critical for this patent application. Google had previously denied that it would link Wi-Fi data to particular users, and omitted any mention of user identification from its statement regarding its Street View Wi-Fi data collection. For more information, see Google: Street View. (Nov. 29, 2010) - EPIC Demands Documents from DHS about Mobile Body Scanners, Use of Devices at Trains Stations and Stadiums
EPIC has filed a Freedom of Information Act request with the Department of Homeland Security, demanding that the agency turn over documents concerning the use of body scanner technology by law enforcement agencies in surface transit and street-roaming vans. EPIC cited previous DHS testing of body scanners on New Jersey's PATH trains and the development of street-roaming backscatter vans. EPIC has also filed a lawsuit to suspend body scanner program. EPIC has called the devices "invasive, inefffective, and unlawful." For more information, see: EPIC: Whole Body Imaging and EPIC: EPIC v. DHS. (Nov. 24, 2010) - Majority of Americans Now Oppose Body Scanners and TSA Pat Downs
A new poll by Zogby International finds that 61% of Americans polled between Nov. 19 and Nov. 22 oppose the use of full body scans and TSA pat downs. Of those polled, 52% believe the enhanced security measures will not prevent terrorist activity, almost half (48%) say it is a violation of privacy rights, 33% say they should not have to go through enhanced security methods to get on an airplane, and 32% believe the full body scans and TSA pat downs to be sexual harassment. The Zogby Poll is the most recent survey of American opinion on the new airport screening procedures. Combined with earlier polls by USA Today and the Washington Post-ABC News, the Zogby Poll reflects declining support for the TSA program. (Nov. 23, 2010) - EPIC Challenges DoD FOIA Processing Policies
EPIC filed a request with the FOIA Ombudsman challenging the Department of Defense's unlawful assertion that the DoD has the statutory authority to administratively withdraw a FOIA request without input or consultation from the FOIA requester. DoD made the assertion in response to a FOIA request EPIC had filed seeking documents detailing the agency's agreements with Project Vigilant, a private sector company that monitors Internet Service Providers and provides that information to federal agencies. The FOIA Ombudsman is authorized to review policies and procedures of administrative agencies, review compliance by administrative agencies, and recommend policy changes to Congress and the President. EPIC requested that the FOIA Ombudsman investigate DoD's policies and publish a report of its findings. For related information see Litigation Under the Federal Open Government Laws 2010 and EPIC: Open Government. (Nov. 23, 2010) - EPIC Releases Analysis on TSA Body Scanner Program - "Deployment and contracting for body scanners should be suspended"
EPIC is making available to the public today the report EPIC prepared in January 2010, following the release of documents from the DHS in an open government lawsuit. The analysis, based on the internal records obtained from the agency, reveals that the "device specifications, set out by the TSA, include the ability to store, record, and transfer images, contrary to the representations made by the TSA...include hard disk storage, USB integration, and Ethernet connectivity that raise significant privacy and security concerns...include "super user" ("Level Z") status that allows the TSA itself to disable filters and to export raw images..." The EPIC memo states "Based on the materials received to date, EPIC concludes that further deployment and contracting for body scanners should be suspended until the privacy and security problems identified are adequately resolved." The documents were obtained in EPIC v. DHS (FOIA) EPIC has since filed papers in federal court to suspend the program. See EPIC v. DHS (body scanners). (Nov. 22, 2010) - Congress Raises New Questions About Airport Screening Procedures
Rep. Bennie G. Thompson (D-MS) and Rep. Sheila Jackson-Lee (D-TX), two leading members of Congress, have sent a letter to TSA Administrator John S. Pistole, objecting to the new airport screening procedures. Reps. Thompson and Lee wrote, "we are concerned about new enhanced pat down screening protocols and urge you to reconsider utilization of these protocols." Reps. Thompson and Lee further said that "the TSA should have had a conversation with the American public" and should have ensured that "these changes do not run afoul of privacy and civil liberties." EPIC has filed a lawsuit against the TSA for failing to provide an opportunity for public comment, which is required by law, and implementing a screening procedure that violates privacy. EPIC President Marc Rotenberg has called the new screening procedures "invasive, unlawful, and ineffective." For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. DHS. (Nov. 21, 2010) - EPIC Files FOIA Suit to Force Disclosure of Body Scanner Radiation Risks
EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security, seeking records concerning radiation emissions and exposure associated with airport full body scanners. The Department recently implemented the scanners as a primary screening mechanism for all airline travelers. In August, many senators questioned the safety of the scanners. In September, Ralph Nader also sent a letter to the Senate expressing concern about radiation exposure. Earlier this year, EPIC requested DHS to release all information about radiation emissions. DHS failed to respond to EPIC's FOIA request and when DHS also failed to reply to EPIC's administrative appeal, EPIC filed a lawsuit in federal court. Earlier EPIC FOIA lawsuits uncovered evidence that body scanners can store and record images and that the Marshals Service had captured more than 35,000 images. For more information see, EPIC v. DHS (Body scanner images) and EPIC v. DOJ (Body scanner images). (Nov. 19, 2010) - Rep. Ron Paul Introduces Bill to Halt Body Scanner Program
Representative Ron Paul introduced a bill that would hold TSA agents legally accountable for airline screening procedures. Rep. Paul cited abusive screening procedures as the reason for the legislation, titled the American Traveler Dignity Act. In a floor speech, Representative Paul also endorsed National Opt-Out Day, a grassroots movement of passengers who plan to refuse the devices on November 24th. EPIC is suing in federal court to suspend the body scanner program. For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. DHS. (Nov. 18, 2010) - New York City Moves to Ban Body Scanners
Members of the New York City Council announced today that they would introduce legislation to ban the use of body scanners in New York City. Councilmember David Greenfield said, "I am deeply troubled that we are subjecting New Yorkers to this humiliating process, which breaches the most basic privacy rights." EPIC President Marc Rotenberg joined the Councilmembers on the steps of City Hall for the announcement. For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Nov. 18, 2010) - Senators Grill TSA Official About Airport Body Scanners
In a hearing before the Senate Committee on Commerce, Science, and Transportation, Sentors asked TSA Administrator John Pistole tough questions about the privacy and health implications of airport body scanners. Senators also asked about the invasiveness of pat-downs and the problems that the machines pose for religious objectors. Pistole failed to provide proof of independent studies regarding radiation risks and consistently downplayed privacy and religious concerns. EPIC has filed a lawsuit to suspend the body scanner program, calling the program "unlawful, invasive, and ineffective." For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Nov. 17, 2010) - EPIC Files Amicus Brief in Supreme Court Case on "Personal Privacy"
EPIC has filed a "friend of the court" brief in a case concerning the meaning of "personal privacy." EPIC urged the Justices to reject AT&T's claim that its "personal privacy" prevents the public disclosure of records subject to the Freedom of Information Act. EPIC cited the commonly understood meaning of "personal privacy" in the work of legal scholars and technical experts, as well as the use of these terms in an extensive survey of US privacy laws. The records at issue in the case pertain to contract work for the federal government. The Supreme Court agreed to review a lower court opinion which held that AT&T could assert a personal privacy interest. EPIC's brief argued that if upheld, the lower court's "interpretation of 'personal privacy' would stand as an outlier, untethered to common understanding, legal scholarship, technical methods, or privacy law." For more information, see EPIC: FCC v. AT&T. (Nov. 15, 2010) - Senate to Hold Hearings on TSA, Congress to Examine Impact of Body Scanner Program on Airline Industry
The Senate Committee on Commerce, Science, and Transportation will hold an oversight hearing on the Transportation Security Administration on November 17, 2010. Hon. John S. Pistole, the TSA Administrator, is expected to testify. EPIC has filed a lawsuit to suspend the body scanner program, calling it "unlawful, invasive, and ineffective." Opposition to the program is growing. The Libertarian Party, the American Pilots Association, Airline CEOs, flyers rights organizations, religious groups, and others are calling for an end to invasive searches at airports. A National Opt-Out Day is scheduled for November 24. For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Nov. 15, 2010) - Wall Street Journal Confirms FCC Investigation of Google Street View Following EPIC Complaint
The Wall Street Journal reported today that the Federal Communications Commission has opened an investigation into Google's secretive interception and collection of wifi data collection. This occurred in thirty countries over a three year period and is linked to Google "Street View" vehicles which many thought simply captured digital images. In May, EPIC filed a complaint with the Commission, asking it to investigate Google's possible violations of federal wiretap law and the U.S. Communications Act. Investigations in other countries have revealed that Google secretly collected passwords, email, and sensitive medical data from millions of Internet users, and also built an extensive database of personal information associated with private residential wifi routers. The Federal Trade Commission recently ended its inquiry into Google Street View, even though members of Congress had urged a comprehensive investigation. For more information, see EPIC - Investigation of Google Street View. (Nov. 10, 2010) - FTC Appoints Executive Director, Chief Technology Officer
The Federal Trade Commission has announced that Eileen Harrington will be rejoining the Commission as the Executive Director. Harrington was recently the Chief Operating Officer at the U.S. Small Business Administration, following a 25-year stint at the Commission in a variety of positions. The Commission has also announced that Princeton University professor Dr. Edward W. Felton has been named as Chief Technologist, a new position that will focus on evolving technology and policy issues. Dr. Felten was the founding director for Princeton’s Center for Information Technology Policy. For more information, see EPIC: Federal Trade Commission. (Nov. 9, 2010) - Government Seeks to Exclude Religious Objectors from EPIC Body Scanner Challenge, EPIC Opposes DHS Motion
In a motion filed in the DC Circuit Court of Appeals, the Department of Homeland Security has attempted to exclude religious objector Nadhira Al-Khalili from EPIC's body scanner lawsuit. Ms. Al-Khalili is Legal Counsel for the Council on American Islamic Relations, one of the organizations that supported EPIC's petition, which is the basis for the challenge to the body scanner program. Ms. Al-Khalili's claims are based on the Religious Freedom Restoration Act and Islamic modesty requirements. EPIC has opposed the government's motion and stated that the agency is "simply afraid to have the Religious Freedom Restoration Act claims heard by this Court." EPIC further argued that "Respondents hope by seeking to exclude Ms. Al- Khalili . . . they will avoid judicial scrutiny of an agency practice that substantially burdens the free exercise of religion in violation of federal law." For more information, see EPIC: EPIC v. DHS (Emergency Stay, Body Scanners) and EPIC: Whole Body Imaging Technology. (Nov. 9, 2010) - In Open Government Case, Government Opposes "Personal Privacy" Rights for Corporations
The Solicitor General filed the government's brief in an important Supreme Court case that will determine if corporations have personal privacy rights in Freedom of Information Act cases. The Solicitor General is defending the FCC's decision to disclose records pertaining to an investigation concerning AT&T. AT&T challenged the agency and a federal appeals court sided with AT&T and held that the FOIA grants corporations personal privacy rights. In its brief, the Solicitor General argues that the opinion is "a singular outlier in an otherwise uniform body of more than 35 years of decisional law and commentary." EPIC will file an amicus brief in support of the FCC. For more information, see EPIC: FCC v. AT&T. (Nov. 9, 2010) - Labor Relations Board Files Complaint against Company over Facebook Post
The National Labor Relations Board has issued a complaint against American Medical Response of Connecticut for firing an employee who complained about her supervisor on Facebook. The company claimed that it fired the employee for violating its policy against depicting the company on a social media site. The NLRB's complaint states that the company's blogging and internet posting policy is overly broad; the company illegally denied union representation during the investigation; and that the firing violated an employee's right to engage in concerted activities. The National Labor Relations Act protects an employee's right to engage in group activities, such as discussing work-related issues, to improve workplace conditions. A hearing is scheduled for January 25, 2011. For related information, see EPIC: Workplace Privacy and EPIC: Social Networking Privacy. (Nov. 9, 2010) - Libertarian Party Endorses EPIC Body Scanner Lawsuit
Libertarian Party Chair Mark Hinkle said today, "The TSA should end the strip-search machine program immediately. We've reached a point where our government has no qualms about humiliating us." Mr. Hinkle expressed support for the EPIC lawsuit aimed at suspending the body scanner program. Mr. Hinkle further said, "We encourage Americans to call their newly-elected members of Congress and tell them that they don't want this expensive, worthless, intrusive, unconstitutional program." The Libertarian Party is America's third-largest political party. For more information, see EPIC v. DHS. (Nov. 5, 2010) - Europe Moves Forward with Comprehensive Strategy for Privacy Protection
The European Commission announced today a strategy to "protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU." The key goals include strengthening the rights of individuals, enhancing the free flow of information, extending privacy safeguards to police and criminal justice records systems, ensuring high levels of protection for data transferred outside of the European Union, and more effective enforcement of privacy rules. The new policy will build on the 1995 EU Data Directive which is the foundation for much of privacy law across Europe. The Commission is encouraging public comments on the proposal. The Commission also posted a FAQ on Data Protection Reform. For more information, see EPIC - EU Data Protection Directive. (Nov. 4, 2010) - EPIC Publishes 2010 Open Government Litigation Manual
EPIC's "Litigation Under the Federal Open Government Laws" is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, and other related laws. The book include the complete texts of the relevant acts and sample pleadings for litigators. This is a comprehensive guide to FOIA and open government, essential for anyone interested in open access laws. The twenty-fifth edition includes the texts of President Obama’s January 2009 memo on Open Government, Attorney General Holder’s March 2009 memo on FOIA Guidance, and the new executive order on declassification. Also included are contact details for federal FOIA offices, information about the new Office of Government Information Services, and international open government resources. The EPIC 2010 FOIA manual is now available for sale. (Nov. 3, 2010) - Information Commissioner Finds Google Violated UK Privacy Laws
British officials announced that Google violated UK data protection laws when the company's Street View cars collected wifi data from private wireless networks. In lieu of a fine, Google UK will undergo an audit and must sign a commitment to ensure that data protection breaches do not happen again. UK Information Commissioner stated that "the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.". EPIC is requesting documents from the US Federal Trade Commission under the Freedom of Information Act to determine why the agency ended the US inquiry into Google Street View, even after members of Congress urged a comprehensive investigation. For more information, see EPIC: Street View. (Nov. 3, 2010) - In Opening Brief, EPIC Urges Federal Appeals Court to Suspend Airport Body Scanner Program
EPIC has filed the opening brief in EPIC v. DHS, No, 10-1157, a case that challenges the unilateral decision of the TSA to make body scanners the primary screening technique in U.S. airports. Three frequent air travelers are joining EPIC in the lawsuit: security expert Bruce Schneier, human rights activist Chip Pitts, and the Council on American-Islamic Relations legal counsel Nadhira Al-Khalili. The Petitioners have brought claims under the Administrative Procedure Act, the Privacy Act, the Video Voyeurism Prevention Act, the Religious Freedom Restoration Act, and the Fourth Amendment. The Petitioners are seeking the suspension of the body scanner program. In its brief, EPIC argues that the Department of Homeland Security "has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history." EPIC further argues that the Transportation Security Administration "must comply with relevant law, and it must not be permitted to engage in such a fundamental change in agency practice without providing the public the opportunity to express its views." For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology. UPDATE: Read EPIC's press release here. (Nov. 1, 2010) - Federal Trade Commission Closes Noninvestigation of Google Street View
The Federal Trade Commission has sent a letter to Google, ending an investigation that never began. In May, the Federal Trade Commission was asked by members of Congress to investigate Google's secretive collection of wifi data as part of Street View, a mapping program characterized by the collection of digital imagery. In a letter to Federal Communications Commission, EPIC further explained that Google's conduct likely violated federal wiretap law. Subsequent investigations in other countries revealed that Google secretly collected passwords, email, and sensitive medical data from millions of Internet users, and also built an extensive database of personal information associated with private residential wifi routers. However, the Federal Trade Commission never pursued an independent investigation of Street View, examined the data collected by Google in the United States, or even acknowledged the findings of other agencies. Investigations are still pending in several countries and 37 states in the U.S. For more information, see EPIC: Google Street View. (Oct. 27, 2010) - EPIC releases 2010 E-Deceptive Campaign Practices Report
The Electronic Privacy Information Center released the 2010 update to its "E-Deceptive Campaign Practices: Technology and Democracy 2.0" report, first published in 2008. The report reviews the potential for abuse of Internet-based technology in the election context, and makes recommendations on steps that should be taken by Election Administrators, voters, and those involved in Election Protection efforts. E-Deceptive campaigns are internet-based attempts to misdirect targeted voters regarding the voting process, and include false statements about poll place hours, election dates, voter identification rules, or voter eligibility requirements. For more information, see EPIC: Voting. (Oct. 27, 2010) - Public Voice Hosts Global Privacy Conference in Jerusalem
The civil society conference featured panel discussions on “The Madrid Declaration One Year Later,” "Emerging Privacy Issues," “Establishing International Frameworks for Privacy Protection,” "The Campaigns Against Body Scanners and Biometric Identity Cards," and "Promoting Dialogue Between NGOs and DPAs." Leading privacy officials from Canada, Mexico, Spain, the European Union, the European Parliament, and the OECD participated. Civil society representatives from 20 countries also participated The event was held in conjunction with the annual meeting of the Privacy and Data Protection Commissioners. The Public Voice conference was cybercast and tweeted. @thepublicvoice #thepublicvoice. (Oct. 27, 2010) - At European Parliament EPIC Urges Support for Comprehensive Data Protection Framework
Appearing before the European Parliament in Brussels, EPIC President Marc Rotenberg urged the adoption of a comprehensive framework to protect the flow of personal data between the United States and the European Union. Citing the growing concern about the misuse of sensitive data and the absence of effective legal remedies, Mr. Rotenberg said it was time for the US and the EU to develop an effective legal framework that would safeguard the rights of citizens and the users of Internet-based services. EPIC has previously supported the Madrid Privacy Declaration and the Council of Europe Privacy Convention as good models for international privacy frameworks. (Oct. 25, 2010) - Google Ends Secret Wifi Data Gathering
Following numerous protests around the world, Google has ended its illegal collection of wifi data transmissions. The company, which originally claimed it was not even collecting wifi data, was forced to admit that the practice has been ongoing for three years in more than thirty countries, following an independent investigation initiated by European privacy officials. Investigations are still underway to determine the extent of Google's liability. EPIC wrote to the FCC earlier this year, pointing out that the practice violated US wiretap laws. For more information, see EPIC: Streetview. (Oct. 22, 2010) - EPIC Releases Privacy Report Card for Obama Administration
EPIC has released the 2010 Privacy Report Card for the Obama Administration. EPIC gave the Administration a grade of C in Consumer Privacy, B in Medical Privacy, D in Civil Liberties, and B in Cybersecurity. A group of experts participated in a Capitol Hill briefing on privacy and the Obama Administration. This year's grades are a drop from the grades given in EPIC's 2009 Privacy Report Card and reflect important privacy developments during the past year. The report card launch is part of EPIC's Privacy 2010 Campaign. (Oct. 20, 2010) - FTC Proposes Consent Decree in U.S. Search Case
The FTC is asking for comments on a proposed settlement of the agency's complaint against the company U.S. Search for deceptive practices. U.S. Search sold customers a "privacy lock" service that the company falsely claimed would prevent customers' personal information from appearing on the U.S. Search website. The proposed settlement requires U.S. Search to refund fees and bars the company from further deceptive practices, but does not stop them from charging a fee for an opt-out service. For more information, see EPIC: FTC. (Oct. 20, 2010) - Canada: Google Street View Violates Privacy Laws
Canada's Privacy Commissioner has determined that Google violated Canadian privacy law when the company's Street View cars collected user information from wireless networks. The personal information Google captured included e-mails and the names, addresses, and home phone numbers of people suffering from a certain medical condition. The Commissioner called on Google to strengthen its controls and designate an individual to be responsible for privacy issues. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google's practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. For more information, see EPIC: Google Street View. (Oct. 20, 2010) - Congressmen Question Facebook About Latest Privacy Breach
Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) sent a letter to Facebook about the news that Facebook's business partners transmitted personal user data to advertising and internet tracking companies in violation of the company's policy. EPIC has two complaints pending at the Federal Trade Commission regarding Facebook's unfair and deceptive trade practices. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy. (Oct. 20, 2010) - Investigation of Google Street View Moves Forward in Spain
The Spanish Data Protection Agency has filed suit against Google Street View for five violations of Spanish law. The Agency found that Google collected and stored personal data transmitted through open Wi-Fi networks, as well as SSIDs and MAC addresses that contained subscribers real names. Many countries and several US states are currently investigating Google Street View. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google's practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. For more information, see EPIC: Google Street View. (Oct. 19, 2010) - EPIC to Release 2010 Privacy Report Card
As part of the Privacy 2010 campaign, EPIC will release a privacy "report card" for the Obama Administration at a Capitol Hill press conference on October 19. EPIC released a similar report card at the National Press Club in 2009. In the 2009 Privacy Report card, the Administration received the following grades: Medical Privacy A- ; Consumer Privacy INC; Civil Liberties C+; and Cyber Security B. The 2010 Report Card will reflect developments during the past year. (Oct. 19, 2010) - EPIC Launches Privacy 2010 Campaign
EPIC, joined by the Center for Digital Democracy, Consumer Action, the Council on American-Islamic Relations, and the Liberty Coalition launched the Privacy 2010 campaign at a press conference today on Capitol Hill. The organizations set out a Privacy Platform with recommended positions on 10 key privacy issues. Privacy 2010 also has a Facebook Cause page. As part of the Privacy 2010 campaign, EPIC said that it will release a Privacy Report Card for the Obama administration with grades on medical privacy, cyber security, consumer privacy, and civil liberties. (Oct. 13, 2010) - Web Companies Defend Data Collection Practices, Google Absent
Eleven internet companies responded to Rep. Markey and Rep. Barton's request for information regarding their data collection practices. However, the companies said that it is "impossible" for them to eliminate online tracking of consumer behavior. Google refused to respond to the survey questions. At the same time, Microsoft, Intel Corp. and E-bay announced support for Rep. Rush's "Best Practices Act." This bill contains a private right of action as well as a safe harbor for companies that comply with a self-regulatory "Choice Program" approved by the Federal Trade Commission. EPIC recently testified before Chairman Rush's committee " and recommended new safeguards for Internet users. For more information, see EPIC: Identity Theft. (Oct. 12, 2010) - New Social Networking Privacy Poll Released, Kids Privacy Campaign Launched
According to a national poll from Common Sense Media, three out of four parents believe that social network services do not adequately protect children's online privacy. The Common Sense Media "Protect Our Privacy - Protect Our Kids" campaign calls for opt-in consent, clear and simple privacy statements, updated privacy laws, and a prohibition on behavioral marketing for kids. EPIC filed comments with the Federal Trade Commission aimed at improving the Children's Online Privacy Protection Act (COPPA). EPIC President Marc Rotenberg testified before the Senate Commerce Committee earlier this year, and urged Congress to extend COPPA to cover social networks and teens. For more information, see EPIC: COPPA. (Oct. 12, 2010) - Privacy Groups Object to Google's "Simplified" Privacy Policy
EPIC and 14 other privacy and consumer protection groups sent a letter to Google CEO Eric Schmidt about Google's revised privacy policy. Under this new policy, twelve specific Google privacy policies will be replaced by a single policy that will enable greater data sharing within the corporation. EPIC previously raised similar concerns about Google Buzz in a complaint to the Federal Trade Commission. In the complaint, EPIC argued that Google's Gmail-specific privacy policy was more protective of users than their general privacy policy. For more information, see EPIC: In re Google Buzz. (Oct. 6, 2010) - Supreme Court to Hear Arguments in NASA Privacy Case
On October 5, 2010 the Supreme Court will hear arguments in a case that will determine whether public contract employees have a right to limit the government's collection of their personal information. The case, NASA v. Nelson, was brought by a NASA scientist who argued that the Constitution grants a right to privacy from invasive government background checks. NASA claims that the Privacy Act provides sufficient legal protections. EPIC authored a "friend of the court" brief in the case, cosigned by 27 technical experts and legal scholars. EPIC's brief highlights exceptions in the Privacy Act, claimed by the federal agency, that place the scientists' personal information at risk. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy. (Oct. 4, 2010) - EPIC Supports Proposed Reforms for Surveillance Court, Urges Additional Measures
EPIC has submitted comments on the proposed rules for the Foreign Intelligence Surveillance Court. In comparison to the previous rules, promulgated in 2006, EPIC said that the new rules would strengthen judicial independence, improve congressional oversight, and promote, to some extent, greater transparency of the court that oversees the Foreign Intelligence Surveillance Act. EPIC also urged the Court to establish a web presence with information about the Court's activities and to publish detailed annual reports. EPIC said these measures would promote accountability and enhance public understanding of the Court and its functions. For more information, see EPIC: Foreign Intelligence Surveillance Court and EPIC: Foreign Intelligence Surveillance Act. (Oct. 4, 2010) - EPIC, Joined by 13 Organizations, Sends Statement on NSTIC
EPIC, joined by the American Library Association, Liberty Coalition, Bill of Rights Defense Committee, and the Center for Media and Democracy, among others, sent a statement to the Department of Homeland Security responding to the Administration's call for comments regarding its National Strategy for Trusted Identities in Cyberspace Creating Options for Enhanced Online Security and Privacy (NSTIC) draft policy. The coalition's comments press the Administration for a clearer definition of the problems that the policy intends to solve. The coalition further advocates for the maintenance of a free and open Internet that protects the creative content of users, assures privacy, and creates accountability and oversight of government activity, especially as it relates to law enforcement and surveillance. For more, see EPIC's Cybersecurity and Privacy. (Oct. 1, 2010) - EPIC Seeks Details on New Government Crypto Regulations
EPIC has sent Freedom of Information Act (FOIA) requests to the Department of Justice, the Federal Bureau of Investigation, and the National Security Agency for information about a proposal to expand Internet surveillance and deploy weakened security standards. The proposal would require Internet companies to develop network services to enable government access to private communications, including those on peer-to-peer networks. In 1996, the National Resource Council concluded that such technical standards make network communications more vulnerable to cyber attack. For more information, see EPIC: Cryptography Policy. (Sep. 29, 2010) - Federal Appeals Court Protects Innocent Targets of Government Surveillance
A federal appeals court in New York overruled a lower court order that would have disclosed thousands of wiretapped conversations, to the Security and Exchange Commission. The appeals court called the disclosure a "clear and indisputable" abuse of discretion. In SEC v. Galleon, the SEC sought 18,150 private conversations, obtained by the FBI, before any determination of whether the interceptions were relevant or lawful.The court issued the order which was then appealed. EPIC filed an amicus brief and urged the appellate court to protect "the privacy rights of hundreds of individuals" who had no involvement in the case. The court agreed and found that "ordering discovery of the wiretap materials before any determination of the legality of the surveillance involved exceeded the district court’s discretion." For more information, see EPIC: SEC v. Galleon and EPIC: Wiretapping. (Sep. 29, 2010) - Supreme Court Will Decide If Corporations Have Personal Privacy Rights
The Supreme Court has agreed to review AT&T v. FCC, a case in which the Third Circuit Court of Appeals held that corporations have personal privacy rights. In that case, AT&T prevented the public disclosure of records held by a government agency, arguing that the corporation's privacy rights would be violated. The case hinges on the interpretation of the "personal privacy" exemption in the Freedom of Information Act. EPIC, which both advocates for privacy and supports open government, is likely to file an amicus brief. For more information, see EPIC: FCC v. AT&T and EPIC: Open Government. (Sep. 29, 2010) - US Government Seeks to Monitor All Money Transfers
The Financial Crimes Enforcement Network is proposing new regulations that would require banks to report all international electronic money transfers. The regulation would significantly expand the transfer of bank record information to the US Treasury Department and law enforcement agencies. The proposed regulations are available online and open for public comment. For more information, see EPIC: International Privacy Standards. (Sep. 28, 2010) - Five Billion Have Right to Information
Human rights organization Article 19 reported that over 90 countries have adopted laws, constitutional amendments or regulations protecting the right to freedom of information. Additionally, over 50 countries are considering proposals to adopt laws that will protect citizens’ right to know. Article 19 commends the World Bank for its transparency policy, the United Nation’s Environmental Programme for enhanced access to environmental information, and the efforts of the U.S. and UK governments to launch open data sites. See EPIC - Open Government. (Sep. 28, 2010) - National Academies Releases New Report on Biometrics
The National Academy of Sciences has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. See EPIC - Biometric Identifiers and EPIC - Iraqi Biometric Identification System. (Sep. 28, 2010) - Senator Collins Responds to EPIC's Request for Hearings on Airport Body Scanners
Senator Susan Collins has sent a letter to EPIC Director Marc Rotenberg and consumer advocate Ralph Nader regarding airport body scanners. Senator Collins stated in the letter "I agree wholeheartedly that TSA must ensure that this new security technology is proven effective and comes with sufficient protections to the health and privacy of all persons." Mr. Rotenberg and Mr. Nader had sent Senator Collins a request for a public hearing about the security agency's body scanner program. The US Senate has not yet scheduled such a hearing, but leaders in the European Parliament will examine the issue of body scanners on October 6. EPIC will be participating in that hearing. For more information, see EPIC v. DHS (Suspension of Body Scanner Program) and EPIC - Airport Body Scanners. (Sep. 28, 2010) - Senate Holds Hearing on Data Security and Breach Notification Bill
The Senate Commerce Committee held a hearing on S. 3742, The Data Security and Breach Notification Act of 2010. This bill requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. EPIC director Marc Rotenberg testified on a similar bill in the House recommending support but also urging lawmakers to strengthen the proposed law by adopting a broader definition of "personally identifiable information" and permitting stronger state laws to remain. The Senate thus far has not addressed these concerns. For more information, see EPIC: Identity Theft. (Sep. 24, 2010) - DHS Privacy Office Releases 2010 Annual Report
The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. For more information, see EPIC: DHS Privacy Office. (Sep. 24, 2010) - Google Adds Two-Factor Authentication to Google Apps
Google announced today that it is adding two-factor verification for Google Applications. This will allow users to set up a one-time code delivered to a mobile phone, in addition to a regular password. Currently this option is only available for paid Google apps, although it will be available to all users in the coming months. If an administrator of a paid Google Apps account enables two-factor verification, then all users will be required to submit their mobile phone number. Google Apps operate by using cloud computing. In March 2009, EPIC filed a complaint with the Federal Trade Commission over Google's lack of adequate safeguards for its Cloud Computing Services. For more information, see EPIC: Cloud Computing. (Sep. 24, 2010) - NIST Publishes Smart Grid Privacy Guidelines
Guidelines for Smart Grid Cyber Security: Privacy and the Smart Grid is now available from the National Institute of Standards and Technology. The NIST Smart Grid Guidelines address privacy concerns that arise from the "many new data collection, communication, and information sharing capabilities related to energy usage." EPIC coordinated extensive comments for the agency from a group of 23 NGOs, legal, and technology experts. EPIC also worked closely with the NIST Cyber Security Working Group's subcommittee on Privacy on the project. For more information, see EPIC's The Smart Grid an Privacy. (Sep. 17, 2010) - Virginia Court of Appeals Authorizes Warrantless GPS Tracking
In Foltz v. Virginia, the Virginia Court of Appeals held that law enforcement may place a GPS tracking device on a vehicle without violating the Fourth Amendment. The Court found that the defendant did not have an expectation of privacy, and therefore attaching the tracking device to the bumper did not require a warrant. The court distinguished its ruling from Commonwealth v. Connolly, a recent Massachusetts case, which held that police must obtain a warrant before using GPS devices to monitor vehicles. The Virginia court explained that Connolly was unpersuasive because the Virginia Constitution is co-extensive with the federal Fourth Amendment while the Massachusetts Constitution is more expansive. EPIC filed an amicus brief in Connolly, urging the court to adopt a warrant requirement. For more information, see EPIC: Commonwealth v Connolly. (Sep. 17, 2010) - Tests in Italy Raise New Questions About Airport Body Scanners
Following field tests at international airports in Rome, Milan, Palermo, and Venice, the Italian civil aviation authority, has concluded that airport body scanners are inaccurate and inconvenient. Earlier this year the European Commission stated that body scanners have “raised several serious fundamental rights and health concerns,” and recommending less intrusive measures. The European Parliament Committee on Civil Liberties, Justice and Home Affairs has announced a hearing on the Body Scanner program for October 6, 2010. For more information, see EPIC v. DHS (Suspension of Body Scanner Program) and EPIC - Airport Body Scanners. (Sep. 17, 2010) - Echometrix to Pay $100,000 Fine and Stop Unfair Practices in Settlement with NY AG
The New York Attorney General announced a settlement in a case against Echometrix, a software company that sold “Parental control software” that collected data on kids using the Internet for marketing purposes. EPIC filed a complaint with the FTC in 2009 alleging that Echometrix had engaged in unfair and deceptive trade practices and violated the Children's Online Privacy Protection Act. EPIC's complaint highlighted several aspects of Echometrix products that threatened consumer privacy. Documents obtained by EPIC, pursuant to a Freedom of Information Act request, revealed that the Defense Department canceled a contract with Echometrix following the EPIC FTC complaint. Under the settlement with the New York Attorney General's Office, Echometrix will pay a $100,000 penalty to the state of New York, and has agreed not to "analyze or share with third parties any private communications, information, or online activity to which they have access." For more information, see EPIC - Echometrix. (Sep. 17, 2010) - Public Interest Groups Urge Supreme Court to Curtail Government Secrecy
Public Citizen filed a "friend of the court" brief in Milner v. Navy, a Freedom of Information Act case that will be heard by the Supreme Court. Seven groups signed the brief, which urges the Court to abolish the "High 2 Exemption" - a legal claim used by federal agencies to prevent disclosure of public records. The case will determine whether federal agencies can continue to assert "High 2" to block disclosure of records that could otherwise be made available to the public. EPIC is currently challenging the Department of Homeland Security's use of "High 2" in EPIC v. DHS, a FOIA lawsuit concerning airport body scanners. For more, see EPIC: Open Government and EPIC: Milner v. Navy. (Sep. 15, 2010) - Ninth Circuit Strips Search Guidelines from Fourth Amendment Opinion
A new opinion from the United States Court of Appeals for the Ninth Circuit raises many questions about procedures to be followed in electronic searches. Last year in United States v. Comprehensive Drug Testing, Inc., the court set out guidelines for electronic searches and seizures so that the "plain view" doctrine did not allow electronic fishing expeditions. The guidelines followed an approach that is routinely used for electronic surveillance. However, on rehearing the case following objections from government prosecutors, the court's new opinion removed the guidelines though it still concluded that the search at issue was impermissible. EPIC had argued in an amicus brief for the Supreme Court that the guidelines in Comprehensive Drug Testing should be broadly applied to searches of electronic media. For more information, see EPIC: City of Ontario v. Quon. (Sep. 15, 2010) - EPIC Submits Comments to Council of Europe on Profiling
EPIC has expressed support for a proposed appendix to the Council of Europe Convention on Privacy that would apply privacy safeguards specifically to data profiling. In comments to the expert Committee, EPIC said that profiling is an issue of "increasing public importance." Previously, EPIC urged Secretary of State Hilary Clinton to begin the process of US ratification of the Council of Europe Convention. For more information, see EPIC: Council of Europe Privacy Convention and International Privacy Day (Facebook). (Sep. 14, 2010) - Google Street View Blocked Again
The Czech Office for Personal Data Protection turned down Google's application to collect personal data for its Street View service. Street View is controversial mapping tool that has allowed Google to capture Wi-Fi signals in addition to street level imagery in thirty countries over a three-year period. Google obtained Wi-Fi data, including email passwords and content, from receivers that were concealed in the Street View vehicles. Many countries and several US states are currently investigating Google Street View. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google’s practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. For more information, see EPIC: Google Street View. (Sep. 14, 2010) - EPIC Files Suit For Documents Regarding Google/NSA Partnership
Today, EPIC filed a Freedom of Information Act lawsuit against the National Security Agency in the United States District Court in the District of Columbia. The agency failed to respond to EPIC's FOIA request for documents about an "Information Assurance" partnership with Google. EPIC previously appealed to the agency to comply with its legal duty to produce the documents, but he agency failed to respond. EPIC is also seeking the Presidential Directive that grants the NSA authority to conduct electronic surveillance in the United States. For more information, see EPIC: Open Government. (Sep. 13, 2010) - New Jersey Supreme Court to Hear Arguments in Expungement Case
The New Jersey Supreme Court will hear oral arguments on September 14, 2010 in the case of G.D. v. Kenny. In G.D. v. Kenny a lower court dismissed a privacy claim involving publication of information about a prior criminal act, even though the state had issued an expungement order. EPIC has filed a "friend of the court" brief, urging the New Jersey Supreme Court to preserve the right of expungement and allow the privacy case to go forward. EPIC's brief points to the increasing risk that private firms will make available inaccurate, incomplete, and out--of-date information if expungement orders are not enforced. EPIC further argues that courts do not treat truth as a defense in cases involving privacy tort claims. EPIC Advisory Board member Grayson Barber will be arguing on EPIC's behalf at the hearing. For more information, see EPIC: Expungement and EPIC: G.D. v. Kenny. (Sep. 10, 2010) - Surveillance Court Seeks Public Comments on Proposed Rules
The Foreign Intelligence Surveillance Act (FISA) authorizes a special court the Foreign Intelligence Surveillance Court (FISC) to undertake electronic surveillance in the United States for foreign intelligence information. The FISC is now seeking public comments concerning its procedures. Comments must received by Monday, October 4, 2010. EPIC previously submitted an amicus brief regarding FISA authority and national security. EPIC will be submitting comments to the FISC and endorse changes that improve accountability and transparency for FISA orders. See EPIC - Foreign Intelligence Surveillance Act (FISA) and EPIC - Foreign Intelligence Surveillance Act Orders 1979-2010 (Sep. 8, 2010) - EPIC's Marc Rotenberg Named to ICANN Advisory Committee
The 2010 ICANN Nominating Commitee has named EPIC President Marc Rotenberg to serve as North America representative for the At-Large Advisory Committee of ICANN. The ALAC is responsible for "representing the interests of individual Internet users at ICANN." NomCom Chair Wolfgang Kleinwaechter said "We are proud to announce this year’s selectees to ICANN’s leadership. They include highly accomplished and experienced individuals from Albania, Argentina, Egypt, France, Germany, and the United States." Mr. Rotenberg previously served as Chair of the Public Interest Registry, which manages the .ORG domain. For more information, see The Public Voice. (Sep. 8, 2010) - Google Settles Buzz Lawsuit, Allocates Funds for Internet Privacy Groups
Google has entered into a settlement agreement in a class action suit concerning the social network service Buzz. With Buzz, Google made private email contacts of Gmail susbcribers publicly available without consent. Gmail users filed a class action lawsuit. The plaintiffs alleged violations of federal privacy and consumer fraud laws. As part of the settlement agreement, Google will establish an $8.5 million settlement fund to pay the attorneys, compensate the lead plaintiffs, and establish a cy pres fund for "existing organizations focused on Internet privacy policy or privacy education." Earlier this year, EPIC raised similar concerns about Google Buzz in a formal complaint to the Federal Trade Commission. EPIC has also objected to a settlement in the Facebook Beacon case on the grounds that the settlement would allow Facebook, the defendant, to control the private foundation established by the settlement. The Google settlement would not establish a similar entity. For more information see EPIC: In re Google Buzz. (Sep. 7, 2010) - Ralph Nader and EPIC Urge Senate Hearings on Airport Body Scanners
In letters to Senator Lieberman and Senator Collins, EPIC President Marc Rotenberg and consumer advocate Ralph Nader urged the Senate Committee on Homeland Security and Governmental Affairs to "convene a public hearing to review the government's deployment of whole-body scanners at passenger security checkpoints in US airports." The Nader/Rotenberg letter states that the Department of Homeland Security and the Transportation Security Administration have "disregarded serious questions concerning the devices' effectiveness, privacy safeguards, and potential health impacts." In a letter to the US Marshall Service, Senators Lieberman and Collins earlier expressed concern about the ability of these devices to store and retain images. The Committee on Civil Liberties, Justice and Home Affairs of the European Parliament has announced a hearing on the Body Scanner program for October 6, 2010. For more information, see EPIC v. DHS (Suspension of Body Scanner Program and EPIC - Airport Body Scanners (Sep. 7, 2010) - EPIC Challenge to Airport Body Scanner Program Moves Forward in Federal Court
The United States Court of Appeals for the District of Columbia Circuit has set a briefing schedule for EPIC v. DHS, No. 10-1157, EPIC's challenge to the airport body scanner program. EPIC has alleged that that the Department of Homeland Security has violated three federal laws (the Administrative Procedures Act, the Privacy Act, and the Religious Freedom Restoration Act) and that the body scanner search itself is unconstitutional, given what the courts have said about the permissible scope of airport screening procedures. EPIC's initial brief will be due November 1, 2010. Subsequent briefs from DHS and EPIC will be due by December 15, 2010. In earlier open government litigation against DHS, EPIC obtained evidence that the devices are designed to store and record images. For more information, see EPIC - EPIC v. DHS (Suspension of Body Scanner Program). (Sep. 2, 2010) - US Withdrawal from Iraq Raises Questions about Future of Biometric Database
President Obama's address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices "contravene international treaties and could lead to potentially devastating consequences." EPIC, PI, and HRW urged the Defense Department to "adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information." For more information, see EPIC - Iraqi Biometric Identification System. (Sep. 1, 2010) - EPIC Presses for Release of Government Documents on Health Risks of Airport Body Scanners
EPIC has filed an appeal with the Transportation Security Administration, challenging the agency's denial of expedited processing and fee waivers for an EPIC Freedom of Information Act request. EPIC's is seeking documents from the TSA concerning full body scanner radiation risks and testing. EPIC challenged the TSA's denial of expedited processing, arguing that by delaying to release of the records, the agency was risking the health of travelers and its own employees. EPIC also argued that the record request was particularly timely, as three US Senators recently wrote to the Department of Homeland Security about the safety of the airport body scanners and the risk to air travelers. Separately, EPIC has urged a federal court to suspend the program, pending an independent review of the health risks and privacy impact. For more information, see EPIC: Body Scanners and EPIC v. DHS (suspension of program). (Aug. 30, 2010) - Agency Reconsiders Medical Breach Notification Rule
The Department of Health and Human Services has withdrawn its previously issued interim medical privacy rule after facing substantial criticism from privacy advocates. The old rules required that health-care providers and insurers report privacy breaches to patients only if the provider or insurer felt that there was a "significant risk" of harm. Privacy advocates criticized this language on the basis that it granted too much discretion to the firms responsible for safeguarding patient data. In previous comments to the FTC, EPIC recommended that notification of health data breaches be enhanced, that additional breach notification through means such as text messages and social networking sites be developed, and that companies obtain verification of receipt of notifications. EPIC has also testified in Congress that the "significant harm" standard, favored by the HHS for breach notification, is unfair to consumers. For more information, see EPIC: Medical Record Privacy. (Aug. 25, 2010) - Facebook Uses RFID to Track Users' Locations for Advertising Promotion
At the Coca-Cola Village Amusement Park in Israel, visitors were recently issued bracelets with RFID chips that linked to their Facebook accounts, according to Adland. RFID readers scattered throughout the park updated the users' Facebook pages when the bracelets were scanned. On-site photographers also posted photos that were automatically tagged with the users' identities. Facebook had previously tested the use of RFID for location tracking at the f8 Developer Conference in April. Facebook has also just launched Places, which is designed to make users' location information widely available. For more information, see EPIC Facebook Privacy, EPIC Facebook Places. (Aug. 25, 2010) - Following EPIC FOIA Lawsuit, US Senators Raise Questions About Retention of Body Scanner Images
The Chairman and Ranking Member of the Homeland Security Committee, along with four other Senators, have sent a letter to the head of the US Marshal Service to ask why the federal agency stored more than 35,000 images from whole body imaging scans taken at the Orlando federal courthouse. The letter follows a Freedom of Information Act lawsuit, filed by EPIC, in which the Marshal Service was forced to disclose the fact that it had stored body scanner images. EPIC has also filed an emergency motion in federal court to suspend the program, pending a thorough review of the airport body scanner program. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Aug. 20, 2010) - Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users
The recently announced Facebook service Places makes user location data routinely available to others, including Facebook business partners, regardless of whether users wish to disclose their location. There is no single opt-out to avoid location tracking; users must change several different privacy settings to restore their privacy status quo. For users who do not want location information revealed to others, EPIC recommends that Facebook users: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices, which are frequently associated with new product announcements. For more information, see EPIC In Re Facebook, EPIC In Re Facebook II, and EPIC Facebook Privacy. (Aug. 19, 2010) - Senators Question Safety of Airport Body Scanners, Object to Program Expansion
Three U.S. Senators have objected to the Department of Homeland Security's expansion of the airport body scanner program. In a letter to DHS Secretary Janet Napolitano, Senators Collins (R-ME), Burr (R-NC), and Coburn (R-OK) have asked "why the Department continues to purchase this technology when legitimate concerns about its safety appear to remain unanswered." The Senators noted that "the issue of radiation associated with the backscatter x-ray AIT machines has not been adequately addressed by TSA." They urged the agency's Chief Medical Officer, working with independent experts, to conduct a review of the health effects on travelers and airport personnel. EPIC recently submitted a FOIA request to the DHS for all records of tests conducted by the agency regarding radiation impacts. EPIC has also filed an emergency motion in federal court to suspend the program, pending an thorough review of the airport body scanner program. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Aug. 18, 2010) - EPIC Urges Supreme Court to Protect NASA Scientists' Privacy
EPIC filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of scientists working at NASA's Jet Propulsion Laboratory. Twenty-seven legal and technical experts signed the brief. In NASA v. Nelson, the Court has been asked to determine whether the scientists' right to "informational privacy" prohibits NASA from collecting information concerning the individuals' medical records as a condition of employment. The agency admits that the scientists perform unclassified, non-sensitive work. EPIC's brief argues that compelled disclosure would risk exposing sensitive, personal health information that is insufficiently protected by NASA. For more information, see EPIC NASA v. Nelson. (Aug. 9, 2010) - Federal Appeals Court Upholds Maine Prescription Privacy Law
The First Circuit Court of Appeals has upheld a Maine law that bans the sale of prescriber-identifiable prescription drug data for marketing purposes. Data mining companies had challenged the law, claiming that the privacy measure violated their free speech rights, an argument that the court rejected because "the statute regulates conduct, not speech, and even if it regulates commercial speech, that regulation satisfies constitutional standards." The decision in IMS Health v. Mills followed a decision by a panel of the same court in IMS Health v. Ayotte, upholding a similar law in New Hampshire. In that case, as well as in a similar case regarding a Vermont law, EPIC and several privacy and technology experts filed "friend of the court" briefs arguing that there is a substantial state interest in privacy protection and that the data miners' de-identification practices do not, in fact, protect patient privacy. A decision in the Vermont case is expected soon. For more information, see IMS Health v. Ayotte, IMS Health v. Sorrell. (Aug. 9, 2010) - Federal Appeals Court Requires Warrant for GPS Tracking
The D.C. Circuit Court ruled that police must obtain a warrant before using GPS devices to monitor vehicles. GPS tracking constitutes a seizure under the U.S. Constitution because "prolonged GPS monitoring reveals an intimate picture of the subject‘s life that he expects no one to have," the Court held. In a related case, the Massachusetts Supreme Court recently held that a warrant is required for the use of a GPS tracking device. EPIC filed an amicus brief in that case. For more information, see EPIC Commonwealth v. Connolly. (Aug. 6, 2010) - EPIC FOIA - Feds Save Thousands of Body Scan Images
In an open government lawsuit against the United States Marshals Service, EPIC has obtained more than one hundred images of undressed individuals entering federal courthouses. The images, which are routinely captured by the federal agency, prove that body scanning devices store and record images of individuals stripped naked. The 100 images are a small sample of more than 35,000 at issue in the EPIC lawsuit. EPIC has pursued a similar FOIA lawsuit against the Dept. of Homeland Security but the DHS refuses to release the images it has obtained. EPIC has also filed suit to stop the deployment of the machines in US airports. For more information, see EPIC Body Scanners, EPIC - EPIC v. DOJ (Marshall Service FOIA), and EPIC Press Release. (Aug. 4, 2010) - Wal-Mart Begins Tagging and Tracking Merchandise with RFID
Wal-Mart has announced that it will begin inserting Radio Frequency Identification (RFID) chips into some of its men's clothing, including jeans, underwear, and socks, starting August 1. The retailer has stated that its goal is to expand the use of the tags to its other merchandise as well. Previously RFID tags have only been used in larger packages for warehouse and distribution use, but this will be the first time the tags are used in the stores for individual products that will be taken home by consumers. The tags will remain readable from a short range even after they are removed from the store. For more information, see EPIC RFID Systems. (Jul. 30, 2010) - EPIC to Urge Congress to Strengthen Privacy Laws for Facebook Users
In prepared testimony (PDF) for a Congressional hearing on "Online Privacy, Social Networking and Crime Vicitimization," EPIC Executive Director Marc Rotenberg urged lawmakers to update federal law to protect the privacy of Facebook users. Mr. Rotenberg said that Facebook's constant changes to the privacy settings of users have made it virtually impossible for users to control who gets access to their personal information. He also said that the failure of the Federal Trade Commission to investigate Facebook's business practices means that Congress must now amend the federal privacy law to limit the ability of Social Network companies to disclose user information to third parties without informed and explicit consent. Also testifying at the hearing are witnesses from the FBI, the Secret Service, Symantec, and Facebook. For more information, see EPIC Social Networking Privacy, EPIC Facebook, and EPIC In re Google Buzz. (Jul. 28, 2010) - Appeals Court Protects Free Speech for Privacy Advocate
Privacy Advocate Betty Ostergren has won in federal appeals court in her challenge to a state law designed to prosecute her for drawing attention to the state's online publication of SSNs. In Ostergren v. Cuccinelli, the court ruled that the Commonwealth of Virginia may not prosecute Ostergren for publishing the SSNs of state officials available in public land records until the Commonwealth itself stops making these unredacted documents available. EPIC filed a "friend of the court" brief in support of Ostergen, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Ostergren v. McDonnell, EPIC Social Security Numbers, and EPIC Identity Theft. (Jul. 26, 2010) - New York Ends "Stop and Frisk" Data Collection
New York Governor David Paterson signed a bill into law last week requiring the NYPD to expunge the names and addresses in a database of people who had been stopped and questioned by police but never charged with any crimes. In signing the bill, Governor Paterson said that "simple justice as well as common sense suggest that those questioned by police and not even accused of a crime should not be subjected to perpetual suspicion." For more information, see EPIC New York Stop-and-Frisk Database. (Jul. 23, 2010) - Facebook Scores Low on Consumer Satisfaction
In a recent study by Foresee Results and the University of Michigan, Facebook has scored extremely low in the area of customer satisfaction. The 2010 American Customer Satisfaction Index E-Business Report included social networking companies for the first time, and Facebook scored a 64, putting it "in the bottom 5% of all measured private sector companies and in the same range as airlines and cable companies." The polling company attributed Facebook's low scores to "privacy concerns, frequent changes to the website, and commercialization and advertising." For more information, see EPIC Facebook Privacy and EPIC Public Opinion on Privacy. (Jul. 22, 2010) - State Attorneys General Press Google on Street View Scandal
Connecticut Attorney General Richard Blumenthal announced in a press release that 38 states and the District of Columbia are seeking additional information about Google's collection of Wi-Fi data from private, residential computer networks. Blumenthal also sent a letter to Google, asking for information about Google's packet-sniffing software, the testing and review procedures, and the internal investigation of the code that "accidentally" recorded unencrypted Wi-Fi traffic in 30 countries over a three-year period. In May, EPIC wrote to the Federal Communications and recommended an investigation, noting that the collection of Wi-Fi data likely violates several federal privacy laws. Google has since suspended its Wi-Fi data collection activities. For more information, see EPIC: Street View Investigations. (Jul. 22, 2010) - DHS Announces Dramatic Expansion of Airport Body Scanner Program
On July 20, 2010, the Department of Homeland Security announced a substantial change in the deployment of body scanners in US airports. According to the DHS Secretary, the devices, which had once been part of a pilot program for seconary screening, will now be deployed in 28 additional airports. The devices are designed to capture and store photographic images of naked air travelers. EPIC has filed an emergency motion in federal court, urging the suspension of the program and citing violations of several federal statutes and the Fourth Amendment. Public opposition to the program is also growing. For more information, see EPIC v. DHS (Body scanners) and EPIC Body Scanners. (Jul. 21, 2010) - Public Trust in Government Privacy Protections Plummets
According to a new study by the Ponemon Institute, public trust in the United States government's commitment to protect privacy has fallen to a new all-time low. The survey of 75 federal organization examined the protection of personal information by federal agencies as well as the commitment to keep secure personal information. For 2010, the average privacy trust score across the United States government fell to 38%, from 50% in 2009. The top-rated government entities included the Postal Service, the Federal Trade Commissions, and the IRS, while the least-trusted agencies were the National Security Agency, the Department of Homeland Security, and the Department of Justice. The largest decline in trust over privacy matters came for the Census Bureau, which is preparing the 2010 census. The largest favorable change was at the Department of State. For more information, see EPIC Public Opinion on Privacy. (Jul. 21, 2010) - EPIC Pursues Lawsuit Against Homeland Security, Urges Court to Suspend Body Scanner Program
Today, EPIC filed a reply in its case against the Department of Homeland Security, EPIC v. DHS,10-1157. EPIC had previously filed a petition and motion for emergency stay, asking the court to suspend the use of the machines. EPIC argued that the use of body scanners for primary screening in U.S. airports violates several federal laws and the Fourth Amendment. In its reply to the government's motion, EPIC also cited the growing public opposition to the program, the decision of major airports not to use body scanners, as well as the agency's failure to adequately address Constitutional concerns. For more information, see EPIC: Body Scanners and EPIC v. DHS. (Jul. 20, 2010) - EPIC FOIAs NSA for Details of "Perfect Citizen"
EPIC has filed a Freedom of Information Act request with the National Security Agency regarding the new secret cybersecurity program known as "Perfect Citizen." According to the Wall Street Journal, the program "would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack," although the agency has claimed that there "is no monitoring activity involved, and no sensors are employed in this endeavor" but has refused to release the details of the program. In its request, EPIC has sought contracts, memoranda, and other records relating to "Perfect Citizen." For more information, see EPIC Cybersecurity and Privacy. (Jul. 16, 2010) - EPIC Testifies in Congress on Cybersecurity and Privacy
EPIC Executive Director Marc Rotenberg testified today before the House Committee on Science and Technology regarding Planning for the Future of Cyber Attack Attribution. In his prepared statement, Mr. Rotenberg discussed "the risks and limitations of a mandatory Internet ID that may be favored by some as a way to address the risk of cyber attack." He explained how such a proposal would implicate human rights and online freedom, and questioned the constitutionality of such a measure. EPIC recommended that efforts continue to focus on improving security standards, deploying encryption, and requiring federal agencies to remain transparent as they develop cyber security policies. For more information, see EPIC Cybersecurity and Privacy. (Jul. 15, 2010) - EPIC Seeks DHS Records on Body Scanner Health Impacts
Today EPIC filed a Freedom of Information Act request with the Department of Homeland Security for studies conducted by the agency and third parties concerning radiation and health testing of body scanners. The EPIC request follows a recent report by Dr. David Brenner to the Congressional Biomedical Caucus that radiation exposure may be up to twenty times greater than the DHS acknowledged. In April 2010, several scientists urged Presidential Science Adviser Dr. John P. Holdren to conduct further evaluation of the health risks of body scanners. EPIC is pursuing FOIA litigation against the DHS regarding full body scanners, and has also filed a lawsuit to halt the use of the devices. For more information, see: EPIC: Body Scanners and EPIC v. DHS. (Jul. 13, 2010) - EPIC Urges Federal Trade Commission to Strengthen Childrens' Privacy Rule
EPIC filed comments urging the Federal Trade Commission to improve the Childrens' Online Privacy Protection Act Rule. The rule is the principal federal protection for childrens' privacy, and limits how companies may collect and disclose childrens' personal information. "The need for the COPPA Rule has become increasingly urgent in light of new business practices and recent technological developments, such as social networking sites and mobile devices," EPIC wrote. "Existing provisions need to be strengthened and new provisions need to be added." In April, EPIC testified before Congress concerning childrens' privacy. For more, see EPIC: COPPA and EPIC: FTC. (Jul. 9, 2010) - Full Body Scanner Bill Introduced in Senate
Senators Klobuchar (D-MN) and Bennett (R-UT) have introduced a bill that would mandate the deployment of full body scanners in US airports. The bill would make Full Body Scanners the primary screening technique. The bill would provide for an alternative screening method for passengers with "privacy concerns." The bill contains particularly weak privacy provision that ignore many of the problems with the devices already uncovered. In 2008, the House passed legislation to prevent the use of body scanners as primary screening devices. Documents later obtained by EPIC established that the TSA required that Full Body Scanner have the ability to store, record, and transfer detailed images of naked air travelers. EPIC has recently filed suit against the Department of Homeland Security to require that the program be suspended, pending an independent review. For more information, see: EPIC: Body Scanners and EPIC v. DHS. (Jul. 8, 2010) - Federal Court to Hear Oral Argument in Wiretap Abuse Case
A federal court in New York will hear oral argument today in SEC v. Galleon, a case involving the disclosure of federal wiretap recordings. EPIC filed a "friend of the court" brief, urging the court to protect the privacy of innocent individuals who were inadvertently recorded on the wiretaps. A trial court judge ordered disclosure of all wiretaps conducted in a criminal investigation, even though no court has ruled on the recordings' legality or relevance. EPIC noted that "hundreds of thousands of individuals are recorded on wiretaps every year," and "80% of those personal communications are wholly unrelated to criminal activity." For more information, see EPIC: SEC v. Galleon and EPIC Wiretapping. (Jul. 8, 2010) - European Parliament Agrees to Data Transfer Deal with US
In the ongoing dispute between Europe and the US over the transfer of private financial information of Europeans to US law enforcement agencies, the European Parliament has agreed to a revised proposal that would replace bulk data transfers with specific information requests. The Parliament has also required that European officials exercise greater control over the data transfer process. An earlier US proposal was rejected by the Parliament as a violation of fundamental rights. For more information, see EPIC - International Privacy Law and EPIC - Lisbon Treaty. (Jul. 8, 2010) - In Emergency Appeal, EPIC Urges Court to Suspend TSA's Full Body Scanner Program
Today EPIC filed a petition for review and motion for an emergency stay, urging the District of Columbia Court of Appeals to suspend the TSA's full body scanner program. EPIC said that the program is "unlawful, invasive, and ineffective." EPIC argued that the federal agency has violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, and the Fourth Amendment. EPIC cited the invasive nature of the devices, the TSA's disregard of public opinion, and the impact on religious freedom. EPIC, and more than two dozens organizations, previously petitioned the agency for a public rulemaking, which the TSA disregarded. EPIC has also testified in Congress about the problems with the body scanner program. Members of the Senate, Ralph Nader, and European officials have also expressed concern. The case is EPIC v. DHS, No. 10-1157. For more information, see EPIC: Body Scanners. (Jul. 2, 2010) - FTC Invites Public Comment on Twitter Settlement
The FTC is calling for public comments on the recent Twitter Settlement. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The FTC found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." Comments are due on July 26, 2009, and may be submitted electronically or in paper form. For more information, see EPIC: Social Networking Privacy. (Jul. 2, 2010) - EPIC Testifies in Congress on Smart Grid Privacy
EPIC Associate Director Lillie Coney testified before the House Committee on Science and Technology regarding Smart Grid Architecture and Standards: Assessing Coordination and Progress. In her prepared statement, Ms. Coney told Congress that the "basic architecture of the Smart Grid presents several thorny privacy issues" and explained how smart meters and appliances transmitting user data wirelessly introduced threats to consumers. She also described how strong security and privacy standards can address the risks of identity theft, unauthorized access, and individual surveillance. EPIC has submitted comments to NIST and the state of California, urging stronger privacy standards for Smart Grid services. For more information, see EPIC Smart Grid. (Jul. 1, 2010) - Supreme Court to Review Freedom of Information Act Case Exempting Agency Documents from Public Disclosure
Today, the Supreme Court agreed to hear Milner v. Department of the Navy a case in which a federal appeals court allowed the Navy to withhold records sought under the Freedom of Information Act. At issue in the case is the scope of Exemption 2 of the FOIA, which permits agencies, in some circumstances, to withhold information requested pursuant to FOIA. The exemption at issue exempts information “related solely to the internal personnel rules and practices of an agency.” Writing in dissent, Judge Fletcher said that the FOIA exemptions "must be narrowly construed." For more information see EPIC: Open Government; EPIC FOIA Manual. (Jun. 28, 2010) - White House Adopts Weird Opt-Out Privacy Policy for Public Access to Government Web Sites
The White House has announced a new "Clear Notice and Personal Choice" policy for the use of Web Measurement and Customization Technologies for government web sites. The policy is remarkable in that there does not appear to be any legal basis to allow federal agencies to routinely disclose personal information of citizens to private companies. The policy is accompanied by new Guidance for Agency Use of Third-Party Websites and Applications. The White House also announced a National Strategy for Trusted Identities in Cyberspace. EPIC had urged the White House to uphold Privacy Act obligations in use of web 2.0 services. For more information, see EPIC - Privacy and Government Contracts with Social Media Companies. (Jun. 28, 2010) - EPIC Urges Senate to Explore Kagan's Views on Privacy
In a letter to the Senate Judiciary Committee, EPIC has asked Senators to examine the views of the Supreme Court nominee on privacy and related issues. Noting that the Court increasingly confronts cases concerning the Fourth Amendment and privacy, EPIC said it is "important and necessary" to explore the nominee's views on these topics. The hearings are expected to continue through this week. See EPIC - Elena Kagan and Privacy and EPIC - Doe v. Reed and EPIC - City of Ontario v. Quon. (Jun. 28, 2010) - Cybersecurity Legislation Moves Forward in Congress
The Senate Homeland Security Committee voted unanimously to report favorably the Protecting Cyberspace as a National Asset Act of 2010 to the Senate at a markup session (video) on June 24th. An earlier version of the bill was introduced on June 10th and a hearing (video) was held on June 15th. The bill would establish a National Center for Cybersecurity and Communications at the Department of Homeland Security. Critics' had said that the bill would also give the President an "internet kill switch" to take over private networks. Before committee passage, the bill was amended to include limitations on the proposed Presidential powers to declare a "cybersecurity emergency" and to better define what parts of critical infrastructure are covered by the bill. For more information, see EPIC Cybersecurity and Privacy. (Jun. 25, 2010) - European Privacy Officials Publish Opinion on Online Advertising
The European Union's data protection authorities have released an opinion declaring that online advertisers must obtain “informed” consent before tracking consumers' web browsing to target ads at consumers. The Opinion states that "although online behavioural advertising may bring advantages to online business and users alike, its implications for personal data protection and privacy are significant.” The opinion of the Article 29 Working Party clarifies how the Article 5(3) of the ePrivacy Directive and Directive 95/46/EC apply to online behavioral advertising, stressing that companies engaging in online behavioral advertising using cookies are bound by the new EU rules on electronic privacy that require “informed” consent from consumers. For more information, see EPIC - International Privacy Standards. (Jun. 25, 2010) - Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers
The FTC announced a significant enforcement action today. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The FTC found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." EPIC has two complaints currently pending at the FTC concerning similar practices by Facebook, another social networking service. For more information, see EPIC - Facebook Privacy, EPIC - In re Facebook I, and EPIC - In re Facebook II. (Jun. 24, 2010) - Supreme Court Permits Disclosure of Petitioner Signatures
The Supreme Court has held in Doe v. Reed that, as a general matter, the state's interest in ensuring election integrity outweighs the First Amendment interest of petitioner signatories. Chief Justice Roberts writing for the Court, said that disclosure of signatures under a state open records law "would not violate the First Amendment with respect to referendum petitions in general." However, the Court left open the possibility that the disclosure of names for a particular referendum could violate the First Amendment. Justice Thomas, writing in dissent, said that it was not necessary for the state to publish the names of those who sign petitions to ensure valid elections. He noted techniques that could protect privacy and safeguard election integrity. In a concurrence, Justice Alito warned that the state could obtain vast powers to collect and disclose personal information about those who engage in the petition process. Justices Breyer, Scalia, Sotomayor, and Stevens also filed concurrences. EPIC submitted an amicus brief in the case, arguing that "the privacy of petitioner signatories safeguards First Amendment interests and helps to ensure meaningful participation in the political process without fear of retribution." For more information see, EPIC - Doe v. Reed. (Jun. 24, 2010) - EPIC Urges Congress to Reform ECPA, Safeguard Locational Data
EPIC has filed a statement for the record in a hearing on the Electronic Communications Privacy Act, (ECPA) "ECPA Reform and the Revolution in Location Based Technologies and Services" before the House Committee on the Judiciary. EPIC recommends that Congress consider the need to protect locational data for users of new communications services. The statement calls attention to several recent developments, including Apple's iOS 4. EPIC had previously recommended that the FCC establish guidelines for the protection of users' locational privacy. For more information, see EPIC: CPNI. (Jun. 23, 2010) - Scotland Yard Commences Probe of Google Street View
In the midst of a flood of investigations worldwide into Google's collection of private Wi-Fi data, London's Metropolitan Police Service is reviewing a criminal complaint filed against Google. The Police Service estimates that it will spend eight to ten days conducting an initial inquiry, during which time it will determine basic facts. If it determines that Google has broken any laws, the case will be referred to a specialist team working at the national level. The complaint was brought by London-based Privacy International under two UK laws: the Regulation of Investigatory Powers Act and the Wireless Telegraphy Act. The filing of a criminal complaint in London echoes similar actions undertaken in Spain, where criminal complaints have been filed against Google in two courts. For more information, see EPIC - Investigations of Google Street View. (Jun. 23, 2010) - FOIA Update - EPIC Forces Disclosure of Report on Obama Passport Breach
EPIC's Freedom of Information Act lawsuit against the State Department, EPIC v. State, has produced a report detailing security breaches of passport data for several Presidential candidates. Federal investigators prepared the report in the wake of March 2008 breaches that exposed Barack Obama, Hillary Clinton, and John McCain's personal information. Previously secret sections state "the Department was ineffective at detecting possible incidents of unauthorized access," and criticized the agency's failure to "provide adequate control or oversight." Portions of the report remain secret - the agency hasn't fully implemented investigators' recommendations. EPIC testified before the Senate in 2008 concerning the security breaches, urging lawmakers to limit employee and contractor access to personal data. For more, see EPIC Passport Privacy and EPIC Open Government. (Jun. 23, 2010) - Privacy Conference Attendees Set Out Social Networking Bill of Rights
Participants at the 2010 Conference on Computers, Freedom, and Privacy have prepared a Social Network Users' Bill of Rights. The Bill of Rights sets out principles for providers of social network services, including clarity of policies, empowerment of users, freedom of speech, data minimization, and user control. For more information, follow #billofrights and see EPIC: Social Networking Privacy and EPIC: Facebook Privacy. (Jun. 23, 2010) - Several States Launch Investigations of Google Street View, Connecticut Attorney General Calls Activity "Pernicious Invasion of Privacy"
Several state attorneys general have opened investigations of Google, following disclosures that the company captured and stored Wi-Fi data in addition to digital images. These states include Connecticut, Illinois, Massachusetts, Michigan, and Missouri. Maryland and New York are also reported to be pursuing investigations. Connecticut AG Richard Blumenthal described the "driveby data sweeps" of WiFi networks as "deeply disturbing, a potentially impermissible, pernicious invasion of privacy." In a subsequent statement, the Connecticut Attorney General said he will determine the legality of Google's WiFi collection practices. Earlier, EPIC sent a letter to the Federal Communications Commission urging the FCC to determine whether Google may have violated the Wiretap Act and the Communications Act. Google has since grounded its entire Street View fleet and ceased all WiFi data collection. For more information, see EPIC - Investigations of Google Street View. (Jun. 18, 2010) - French Privacy Officials Find that Google Captured Email Passwords, Private Email Content
The French National Commission on Computing and Liberty (CNIL) has released preliminary results (French) (English) of the Google Street View investigation in France. According to the CNIL, Google "saved passwords for access to mailboxes" and obtained content of electronic messages. The CNIL is pursuing the investigation to determine whether Google engaged in "unfair and unlawful collection of data" as well as "invasion of privacy and individual liberties." Investigations are now underway in at least 18 countries and five states in the US. EPIC has prepared a preliminary survey of Investigations of Google Street View. (Jun. 18, 2010) - EPIC's Coney Leads Cybersecurity Panel at Computers, Freedom, Privacy Conference
EPIC Associate Director Lillie Coney leads a panel discussion today on "Cybersecurity Policy and the Role of .Orgs" at the annual conference on Computers, Freedom, and Privacy. The panel features top government decision makers and leading experts in cybersecurity. The panel will be cybercast June 18 at 2 pm ET. The discussion builds on a letter to White House Cyber Security Director Howard Schmidt, organized by EPIC and endorsed by 30 organizations, which states that US cybersecurity policy "must incorporate protections of our basic freedoms and constitutional rights." Ms. Coney will co-chair the 2011 CFP Conference, which will be held in Washington DC. For more information, see EPIC-Cybersecurity Privacy Practical Implications. (Jun. 18, 2010) - Supreme Court Rules Against Text Message Privacy, Permits Search of Public Employee's Pager
The Supreme Court has issued a ruling in City of Ontario v. Quon, a case concerning the reasonablenees of a search of a public employee's pager. EPIC filed a "friend of the court" brief in the case, arguing that data minimization practices should be followed for electronic searches, and that the search, which uncovered personal texts unrelated to the purpose of the search, was therefore unreasonable. EPIC urged the Supreme Court to apply the approach set out in Comprehensive Drug Testing v. United States, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. The Court ruled that the search was reasonable, reversing the Ninth Circuit's decision that such a search be conducted through the least intrusive means possible. For more information, see EPIC: City of Ontario v. Quon. (Jun. 17, 2010) - Privacy International Launches System to Shed Light on Controversial Technologies
International watchdog Privacy International has announced the launch of a new website for bringing transparency to "technical mysteries" behind controversial systems. Cracking the Black Box identifies key questions regarding mysterious technologies and asks experts, whistleblowers, and other concerned parties to "help crack the box" by anonymously contributing ideas and input. The organization responsible for the technology in question is then invited to provide an official response. The first two issues addressed on the PI site are the Google Wi-Fi controversy and the EU proposal to retain search data. (Jun. 16, 2010) - EPIC, Privacy Groups Recommend Further Changes for Facebook
EPIC has joined a letter, organized by the ACLU of Northern California, calling for Facebook to fix ongoing privacy problems with the social network service. The letter, signed by several privacy organizations, recommends that Facebook make "Instant Personalization" opt-in, limit data retention, give users greater control over their information, and allow users to export their content from Facebook. EPIC has a complaint currently pending at the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices. For more information, see EPIC Facebook Privacy. (Jun. 16, 2010) - Senate Committee Holds Hearing on Cybersecurity Bill
The Senate Homeland Security Committee held a first hearing on the recently introduced cybersecurity bill, the Protecting Cyberspace as a National Asset Act of 2010. The hearing (video) featured testimony from Philip Reitinger at the Department of Homeland Security, as well as several industry representatives. Many of the committee's questions focused on whether authority over civilian cybersecurity should be concentrated in the Department of Homeland Security or in the Department of Defense, a question on which EPIC has repeatedly sought information. For more information, see EPIC Cybersecurity and Privacy. (Jun. 16, 2010) - Report from European Commission Raises New Questions About Airport Body Scanners
A report prepared for the European Parliament and the European Council on the controversial proposal to deploy body scanners at European airports warns of "a serious risk of fragmenting fundamental rights of EU citizens, impeding their rights of free movement, and escalating their health concerns related to new security technologies." The report recommends common European standards to ensure the protection of fundamental rights and to address health concerns. The report also recommends security scanners that are less intrusive and pose fewer health risks than those currently deployed in US airports. Earlier this year, EPIC and Ralph Nader urged President Obama to suspend the airport body scanner program until "a comprehensive evaluation of the devices' effectiveness, health impacts, and privacy safeguards is completed by an independent board of review." For more information, see EPIC: Whole Body Imaging. (Jun. 16, 2010) - EPIC Recommends Consumer Privacy Protections for California Smart Grid
In formal comments to the California Public Utility Commission, EPIC said that utility customers should control the use of personal information generated by Smart Grid services. EPIC warned that companies will otherwise use the data for purposes not related to electricity delivery, consumption management, or payment. EPIC urged the California Commission to include a requirement that limits the use of personal data by third party providers offering energy management services. The Commission acknowledged EPIC's March 2010 comments and EPIC's April 2010 comments in the proposed California Smart Grid plan. For more information, see EPIC Smart Grid. (Jun. 14, 2010) - Canada's Privacy Commissioner Awards $500,000 to 13 Projects to Advance Frontiers of Privacy Research
Canadian Privacy Commissioner Jennifer Stoddart announced the recipients of her Office’s 2010-11 Contributions Program, which funds privacy research and public education initiatives. This year’s projects involve research initiatives that focus on the Office’s four key privacy priority areas: national security, identity integrity and protection, information technology, and genetic privacy. Created in 2004 to support non-profit research on privacy, public policy, and the protection of personal information, the Contributions Program is highly regarded and considered one of the foremost privacy research funding programs in the world. To date, the program has allocated over $2 million to more than 60 initiatives in Canada. EPIC recently acknowledged the work of the Rose Foundation, which funds similar projects in the United States. (Jun. 14, 2010) - FCC Consumer Bureau Chief Says Google Street View "Clearly Infringes on Consumer Privacy," Charges Company with "Cyber Snooping"
The Chief of the Consumer and Governmental Affairs Bureau for the Federal Communications Commission warned consumers that Google's "behavior" raises important privacy concerns and said that the collection of Wi-Fi data, "whether intentional or not . . . clearly infringes on consumer privacy." Mr. Gurin further stated that the FCC Public Safety and Homeland Security Bureau is "now addressing cyber security as a high priority." EPIC recently wrote to the FCC Chairman Jules Genachowski and urged the Commission to open an investigation of Google Street View. EPIC said, "The Commission plays a critical role in safeguarding the integrity of communications networks and the privacy of American consumers." (Jun. 14, 2010) - Investigation of Google "Spy-Fi" Expands, Congress to Hold Hearings
In the expanding probe of the "Spy-Fi" matter, Google admitted in a letter to the House Energy and Commerce Committee that Street View cars were purposefully downloading and capturing Wi-Fi data. Google claimed that the practice was legal, though it also said it "would stop Street View cars from collecting WiFi data entirely." The response comes two weeks after House members Henry Waxman (D-CA), Joe Barton (R-TX), and Edward Markey (D-MA) wrote to CEO Eric Schmidt demanding answers about Google's Street View vehicles. Google's responses to lawmakers have raised new questions, most notably why didn't Google reveal the full scope of its Street View activities? Representative Barton said, “this matter warrants a hearing, at minimum" and commented that Google's conduct is "ironic in view of the fact that Google is lobbying the government to regulate Internet service providers, but not Google." Representative Markey said, "We will continue to actively and aggressively monitor developments in this area." (Jun. 14, 2010) - Federal Judge Limits Suspicionless Laptop Searches at Borders
A federal judge has ruled against the Department of Homeland Security's Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that "[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion." Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations. For more information, see EPIC: DHS Privacy Office. (Jun. 11, 2010) - Pew/Elon Study: Cloud Computing Will Expand, Security and Privacy Issues Must be Addressed
According a recent Pew Internet and Elon University survey , most technology experts believe that the next decade will bring increased reliance on internet-based applications and cloud computing. The experts and social analysts surveyed also predicted greater use of mobile devices, with an accompanying reduction in general purpose computing. The survey found that the cloud computing brings considerable privacy and security risks. EPIC has a complaint pending before the Federal Trade Commission on Cloud Computing and Privacy. For more information, see EPIC Cloud Computing. (Jun. 11, 2010) - New Cybersecurity Legislation Introduced
Senators Lieberman, Collins, and Carper of the Senate Homeland Security & Governmental Affairs Committee have introduced the Protecting Cyberspace as a National Asset Act of 2010. The bill would establish a White House Office of Cyberspace Policy and a National Center for Cybersecurity and Communications. The bill would allow the President to declare a "national cyber emergency" and implement emergency measures, although it would not allow these measures to set aside requirements of the Wiretap Act, the Electronic Communications Privacy Act, or the Foreign Intelligence Surveillance Act. The bill would also make certain changes to the Federal Information Security Management Act. The Committee released a summary of the bill. EPIC is currently seeking to make public the NSA's authority for cyber security. For more information, see EPIC Cybersecurity and Privacy. (Jun. 11, 2010) - Privacy International Charges Google with Criminal Intent in "Spy-Fi" Matter
International privacy watchdog Privacy International asserts that an audit of Google's Street View data collection shows that Google separated out and systematically stored network content obtained from private Wi-Fi devices. According to PI, this establishes that Google's Wi-Fi data collection was intentional, despite Google's assurances to the contrary. The audit follows an investigation which revealed that Google Street View vehicles were secretly capturing and recording private Wi-Fi data in addition to photographic images. Street View vehicles operated in 30 countries over a three-year period until Google was forced to suspend the program. In the US, EPIC has sent a letter to the Federal Communications Commission, urging the FCC open an investigation to determine whether Google violated US wiretap laws. (Jun. 11, 2010) - Privacy Issue Attracts Fire in California Attorney General Race
Facebook privacy has become a hot topic in the California race for Attorney General. In the Democratic primary, Kamala Harris has attacked former Facebook Chief Privacy Officer Chris Kelly over the company's privacy practices. But Kelley has recently criticized some of the Facebook changes and said that "instant personalization" should be opt-in. Kelly has also supported a Moveon Facebook campaign though some bloggers have doubts. During the last election cycle, EPIC launched PRIVACY08 to encourage candidates to debate privacy issues. Also see EPIC Facebook Privacy. (Jun. 7, 2010) - FTC Delays Identity Theft Rule Yet Again
The Federal Trade Commission is delaying, for the fourth time, its enforcement of the "Red Flags Rule." This rule requires creditors and financial institutions to implement programs to identify, detect and respond to the warning signs, or “red flags,” that could indicate identity theft. The FTC has decided to delay enforcement through the end of the year in order to give Congress time to enact legislation that could clarify what kind of entities would be considered "creditors" under the rule. For more information, see EPIC: Identity Theft. (Jun. 2, 2010) - Congress Pursues Investigation of Google and Facebook's Business Practices
Following similar letters from other Congressional leaders, the head of the House Judiciary Committee has asked Google Inc. and Facebook to cooperate with government inquiries into privacy practices at both companies. Rep. Conyers (D-MI) noted that Google's collection of user data "may be the subject of federal and state investigations" and asked Google to retain the data until "such time as review of this matter is complete." Rep. Conyers also asked Facebook to provide a detailed explanation regarding its collection and sharing of user information. The House Judiciary Committee is expected to hold hearings on electronic privacy later this year. For more information, see EPIC: Facebook Privacy, EPIC: In re Facebook II, and EPIC: Search Engine Privacy. (Jun. 1, 2010) - TSA Responds to EPIC and Privacy Groups, Claims Body Scanners Ok
In a May 28, 2010 letter to a coalition of organizations, the Transportation Security Administration defended its use of full body scanner machines. The Agency claimed that the machines are safe, effective, and do not violate existing statutes or impermissibly infringe on Americans' Constitutional Rights. This letter is a response to an April 21, 2010 petition in which EPIC and 30 organizations urged the TSA to suspend the full body scanner program due to Constitutional, statutory, health, and effectiveness concerns. In 2009, the organizations petitioned the agency to undertake a formal request for public comments. The agency never acted on the request. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. Department of Homeland Security. (Jun. 1, 2010) - Ralph Nader, Privacy Groups Urge Congress to Suspend Airport Body Scanner Program
In two letters today, Ralph Nader and ten privacy organizations urged leaders in the House and Senate to cease deployment of full-body scanning devices in US airports until an independent review of the devices' health effects, effectiveness and privacy safeguards is completed. In letters addressed to Congressman Bennie Thompson and Senator Joe Lieberman, the organizations cited the increasing presence of the full-body scanner machines and the health risks posed by the machines. This message echoes previous requests made by EPIC in a letter to President Obama and in testimony before the House Committee on Homeland Security. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. Department of Homeland Security. (May. 28, 2010) - New Study Shows Young Americans Value Privacy
A new study from the Pew Internet and American Life Project has found that "[r]eputation management has now become a defining feature of online life for many internet users, especially the young." The Pew study Reputation Management and Social Media found that young adults are far more likely than their older counterparts to take steps to maintain control over their digital identities, including changing their privacy settings, restricting access to their data, and removing their names from tagged photographs. The report also found that these privacy-protecting activities have become considerably more common across all age groups than they were when a similar study was conducted in 2006. For more information, see EPIC Public Opinion on Privacy. (May. 27, 2010) - Congressional Leaders Write to Google's Schmidt About "Spy-Fi"
Congressmen Henry Waxman (D-CA), Joe Barton (R-TX), and Ed Markey (D-MA) have sent a detailed letter to Google CEO Eric Schmidt about the reports that Google Street View vehicles scarfed up Wi-Fi data in thirty countries, including the United States. The letter follows a complaint that EPIC has sent to the Julius Genachowski, chairman of the Federal Communications Commission, suggesting that Google may have violated federal wiretap laws. For more information, see Congress Urges FTC to Investigate Google. (May. 26, 2010) - Facebook Expected to Announce Privacy Changes
Following a recent column in the Washington Post by Facebook CEO Mark Zuckerberg, the company is expected to announce new, simplified privacy settings this week. EPIC objected to the last several rounds of changes that Facebook made, filing a complaint with the FTC in December when the company reclassified much of users' data as "publicly available information," a supplement to that complaint in January, and another complaint this month when Facebook forced users' profile information to become publicly available links instead of private data. For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: In re Facebook II. (May. 25, 2010) - EPIC Urges Federal Communications Commission to Open Investigation Into Google Street View
EPIC wrote today to FCC Chairman Julius Genachowski to recommend that the Commission open an investigation into the consumer data collected from wi-fi hotspots by Google Street View. In its letter, EPIC stated that Google routinely and secretly intercepted and stored user communications data and routinely and secretly intercepted and stored private communications hotspots. EPIC said that this conduct appears to violate federal wiretap laws as well as the Communications Act and asked the Commission to begin an investigation. EPIC noted that "The Commission plays a critical role in safeguarding the integrity of communications networks and the privacy of American consumers." For more information, see Congress Urges FTC to Investigate Google. (May. 21, 2010) - Congress Urges FTC to Investigate Google Following Revelation that "Street View" Scarfed Wi-Fi Data
Congressmen Joe Barton (R-TX) and Edward Markey (D-MA) wrote to FTC Chairman Liebowitz about Google's collection of consumer's private Wi-Fi transmissions. The House members asked the FTC Chairman to investigate whether Google's actions violate federal privacy laws or consumer protection laws. Google has admitted to collecting email and internet surfing data, but has not clarified the extent or nature of the data collection. The letter from Congress follows an investigation in Europe which revealed that Google's "Street View" vehicles in 30 countries collected not only digital images, but also data transmitted on private wireless networks. EPIC has several privacy complaints pending at the FTC, including one on Cloud Computing. (May. 19, 2010) - Report Says School Officials At Fault in High School Spycam Episode
An independent report finds the Lower Merion School District at fault for the remote monitoring of laptop computers that the District issued to high school students. The report followed a complaint filed by Blake J. Robbins, a student at Harriton High School, alleging that school officials used the laptops to spy on students. The report concluded that 30,564 webcam photographs and 27,428 screen shot images were captured because of "the District's failure to implement policies, procedures, and record-keeping requirements and the overzealous and questionable use of technology" by personnel "without any apparent regard for privacy considerations or sufficient consultation with administrators." EPIC has extensively documented students' privacy rights, see EPIC: Student Privacy. (May. 14, 2010) - Coalition Letter Results in Meeting with White House Cybersecurity Coordinator
EPIC, joined by over 30 organizations, launched a campaign to obtain a meeting with Howard Schmidt, the White House Cybersecurity Coordinator. Groups joining the letter included the ACLU, American Library Association, Bill of Rights Defense Committee, Liberty Coalition, NAACP, OpenTheGovernment.org, and the Lawyers Committee for Civil Rights Under Law. The White House has agreed to the meeting, which follows Senate confirmation of Keith B. Alexander, director of the National Security Agency, to lead the U.S Cyber Command. Civil society organizations have expressed concern about the growing role of the NSA in cyber security. EPIC is currently in litigation with the NSA to obtain the secret policy for NSA surveillance authority. For more information, see EPIC Sues NSA to Force Disclosure of Cybersecurity Authority, and EPIC - Cybersecurity Privacy: Practical Implications. (May. 12, 2010) - EPIC Opposes Efforts of National Intelligence Director to Limit Privacy Act
EPIC has filed comments with the Office of the Director of National Intelligence (ODNI) in response to a Federal Register notice and aproposed rulemaking to establish fourteen new databases. The DNI is seeking to exempt portions of these systems from key protections in the Privacy Act of 1974. EPIC said that this proposal undermines the Privacy Act, and urged the agency not to implement the exemptions. For more information, see EPIC: The Privacy Act of 1974. (May. 12, 2010) - EPIC Urges New Jersey Supreme Court to Safeguard Privacy
EPIC has filed a "friend of the court" brief", urging the New Jersey Supreme Court preserve the value of expungement and allow a privacy case to go forward. In G.D. v. Kenny, a New Jersey court dismissed a privacy claim involving publication of information about a prior criminal act, even though the state had issued an expungement order. In the brief, EPIC argued that, "data mining companies ignore judicial determinations and attempt to make conviction records live forever," however, "after someone has been rehabilitated, having paid the prescribed debt to society, he or she should not be penalized in perpetuity." For more information, see EPIC: Expungement and EPIC G.D. v. Kenny. (May. 12, 2010) - President Obama Nominates Elena Kagan for Supreme Court
President Obama has nominated Solicitor General Elena Kagan for the seat on the United States Supreme Court that will be vacated by Associate Justice John Paul Stevens when the term ends this June. Justice Stevens served as a justice for 35 years, and participated in many important privacy cases. Kagan, the former dean of Harvard Law School, wrote about the Supreme Court confirmation process in 1995 that Senators should insist on "evoking a nominee's comments on particular issues—involving privacy rights, free speech, race and gender discrimination, and so forth—that the Court regularly faces." EPIC has submitted amicus briefs in two cases currently before the Court. For more information, see EPIC - Doe v. Reed and EPIC - City of Ontario v. Quon. (May. 11, 2010) - Senate Unanimously Passes Faster FOIA Act
The Senate unanimously passed the Faster FOIA Act of 2010, introduced by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), that will establish a 16-member commission to determine methods for reducing delays in processing FOIA requests. Government reports reveal substantial delays in disclosing records subject to the open government law. The legislation seeks to improve the processing of FOIA requests. EPIC frequently uses the FOIA to obtain information about government programs that impact privacy rights. For more information, see EPIC: FOIA Litigation Docket, EPIC: FOIA Litigation Manual. (May. 7, 2010) - New Facebook Privacy Complaint Filed with Trade Commission
Today, EPIC and 14 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law. The complaint states that changes to user profile information and the disclosure of user data to third parties without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. In a letter to Congress, EPIC urged the Senate and House Committees with jurisdiction over the FTC to monitor closely the Commission's investigation. The letter noted the FTC's failure to act on several pending consumer privacy complaints. For more information, see EPIC: Facebook Privacy. (May. 5, 2010) - Draft Privacy Profiling Bill Released
Representatives Rick Boucher (D-VA) and Cliff Stearns (R-FL) have released a draft Internet privacy bill to regulate online advertising. The bill seeks to provide "meaningful privacy protections for Internet users" by mandating disclosure of privacy practices, regulating the collection and use of personally identifiable information, and requiring affirmative, opt-in consent for disclosure of sensitive information. The bill also establishes opt-in for locational information and creates incentives to limit the collection of personally identifiable information. The bill establishes new requirements for security and accuracy. But privacy groups have expressed concern about provisions of the bill that prevent private enforcement and that preempt state privacy laws, as well as a lengthy data retention period. For more information, see EPIC: Profiling. (May. 4, 2010) - Busted Biometric Traveler ID May Return to US Airports
"Clear," the flawed airport security program that gathered biometric data on hundreds of thousands of travelers before the company went bankrupt, may return with a new operator. The assets of Verified Identity Pass -- including the fingerprints and iris patterns of previous customers -- have been sold at auction to AlClear, which intends to restart the program. In Congressional testimony in 2005, EPIC warned that the Registered Traveler program should be subject to the federal Privacy Act. For more information, see EPIC Spotlight On Surveillance: Registered Traveler Card, EPIC "Clear" (May. 4, 2010) - Applications for Court Approved Wiretaps Reach All-Time High in 2009
According to the newly released 2009 Wiretap report, federal and state courts issued 2,376 orders for the interception of wire, oral or electronic communications in 2009, up from 1,891 in 2008, an increase of more than 25%. U.S. Courts Press release.) As in the previous four years, no applications for wiretap authorizations were denied by either state or federal courts. With the exception of 2008, the total number of authorized wiretaps has grown in each of the past seven calendar years, beginning in 2003. The 2009 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act or interceptions approved by the President outside the exclusive authority of the federal wiretap law and the FISA. See EPIC Wiretapping and EPIC Title III Order Statistics. (May. 3, 2010) - EPIC Urges Federal Court to Protect Individuals from Wiretap Abuse
EPIC filed a "friend of the court" brief, urging a federal appeals court to protect the privacy of innocent individuals who were inadvertently recorded on federal wiretaps. In SEC v. Rajaratnam, a trial court judge ordered disclosure of all wiretaps conducted in a criminal investigation, even though a court has yet to rule on the recordings' legality or relevance. EPIC noted that "hundreds of thousands of individuals are recorded on wiretaps every year," and "80% of those personal communications are wholly unrelated to criminal activity." For more information, see SEC v. Galleon and EPIC Wiretapping. (Apr. 30, 2010) - EPIC Urges Congress to Extend Children's Privacy Law to Teenagers and Social Network Services, Says Current Law Has Failed to Keep Up with New Business Practices
EPIC President Marc Rotenberg testified today before the Senate Commerce Committee. He said that "COPPA did not anticipate the immersive online experience that a social network service would provide or the extensive data collection of both the trivial and the intimate information that children would share with friends." Mr. Rotenberg also pointed to the FTC's failure to enforce children's privacy rights despite clear-cut violations of the fedral law. EPIC recommended updates that would expand COPPA protections to teens and clarify the law's application to mobile and social network services. EPIC'S press release can be found here. For more, see EPIC: COPPA (Apr. 28, 2010) - Senators Oppose Facebook Changes, Schumer Urges Trade Commission to Regulate Social Network Services
Senators Charles Schumer (D-NY), Michael Bennet (D-CO), Mark Begich (D-AK), and Al Franken (D-MI) have sent a letter to Facebook CEO Mark Zuckerberg to express concern about "recent changes to the Facebook privacy policy and the use of personal data by third-party websites." Senator Schumer has also asked the Federal Trade Commission to establish guidelines for social networking sites. The Senators' statements came after Facebook announced it would disclose user data to websites without consent. Senator Schumer stated "Previously, users had the ability to determine what information they chose to share and what information they wanted to keep private." EPIC has filed a complaint and with the FTC about the recent changes to Facebook's privacy settings. For more information, see EPIC: Facebook Privacy and EPIC: In re Facebook. (Apr. 27, 2010) - Supreme Court to Hear Arguments on Petitioner Privacy
The United States Supreme Court will hear arguments on Wednesday in the case of Doe v. Reed, in which the Court will determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC and 25 technical experts and legal scholars filed a "friend of the court" brief with the Court in March, urging the Justices to protect the privacy of those who sign petitions. EPIC's brief argues that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. For more information, see EPIC Doe v. Reed. (Apr. 27, 2010) - White House Issues Rules for Security Reporting
A new White House memo sets out the Federal Information Security Management Act of 2002 (FISMA) standards for federal agencies. All agencies must comply with the FISMA standard and report security practices for information under agency control. The standard also extends obligations to agency contractors. By November 15, 2010, all agencies must be capable of monitoring all information traffic on their networks; and make reports to CyberScope, a platform launched last year to provide a single government-wide security management tool for FISMA reports. The Memorandum included requirements to respond to breaches of personal information. Agency Inspectors General will provide oversight of agency FISMA compliance. For more information, see EPIC's Cybersecurity page. (Apr. 26, 2010) - Facebook's Data Grab: New Policies Transfer Control of User Data to Facebook
Facebook announced significant changes at F8 this week that will integrate Facebook with many web sites, but also make it more difficult for Facebook users to limit the disclosure of personal information. The announcement follows recent changes to Facebook privacy settings and privacy policies. "Instant personalization" will give Facebook's business partners access to users' likes, interests, friends, and other details, unless users opt-out. Facebook has also removed a key privacy safeguard and will allow third parties to store user data indefinitely. EPIC has a complaint pending at the FTC concerning recent changes to Facebook's privacy settings. For more information, see EPIC: Facebook Privacy and EPIC's Previous FTC Complaint regarding Facebook, EPIC: In re Facebook. (Apr. 22, 2010) - Congress Passes Bill Banning Caller ID Spoofing
On April 15, the House of Representatives passed the Truth in Caller ID Act of 2010, which bans the transmission of misleading or inaccurate caller ID information "with the intent to defraud, cause harm, or wrongfully obtain anything of value." EPIC recommended this intent requirement in testimony before the House in 2006 and 2007, and before the Senate in 2007 so that privacy techniques would be protected. The bill has passed the Senate and will likely be enacted into law. For more information, see EPIC Caller ID. (Apr. 21, 2010) - Coalition Petitions Homeland Security to Suspend Airport Body Scanners
EPIC and a broad coalition of organizations sent a formal petition to the Department of Homeland Security to demand that the agency suspend the airport body scanner program. The petition states that the "uniquely intrusive search" is unreasonable and violates the Constitution. The petition further states the program fails to comply with several federal laws, including the Religious Freedom Restoration Act , the Privacy Act of 1974, and the Administrative Procedures Act. The petitioners also argue that the machines are ineffective and that there are better, less costly security technology. The petitioners contend that the TSA has routinely misled the pubic about the ability of the devices to store and transmit detailed images of travelers' naked bodies. In a Freedom of Information Act lawsuit, EPIC has already obtained technical documents, vendor contracts, and hundreds of traveler complaints. EPIC is seeking additional documents. For more information, see EPIC: Whole Body Imaging Technology and EPIC: EPIC v. Department of Homeland Security. (Apr. 21, 2010) - Supreme Court Hears Arguments in Text Messaging Case
The U.S. Supreme Court held arguments in City of Ontario v. Quon. The Court will determine whether a government employer can review the contents of private text messages sent from an employee's pager through a private communications company. EPIC filed a "friend of the court" brief arguing that data minimization practices should be applied to public sector searches and that the search was therefore unreasonable. EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States, which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon. (Apr. 20, 2010) - Study Shows Young Adults Care About Privacy
Researchers from the University of California at Berkeley and the University of Pennsylvania have released the results of a study comparing young adults and older adults on their attitudes and knowledge about privacy. The empirical study shows that most young adults have similar concerns about online privacy policies to their older counterparts. The study's authors conclude that "young-adult Americans have an aspiration for increased privacy even while they participate in an online reality that is optimized to increase their revelation of personal data." For more information, see EPIC Public Opinion on Privacy. (Apr. 20, 2010) - NTIA to Hold Public Meeting on Information Privacy
The National Telecommunications and Information Administration(NTIA) will hold a public meeting on "Information Privacy and Innovation in the Internet Economy" on May 7. The NTIA is seeking comments from "all Internet stakeholders, including the commercial, academic, and civil society sectors, on the impact of current privacy laws in the United States and around the world on the pace of innovation in the information economy." The discussion will center around whether current privacy laws serve consumer interests and fundamental democratic values. EPIC has previously recommended comprehensive privacy standards for NTIA privacy working groups. EPIC has also filed friend of the court brief against the NTIA's disclosure of domain holder personal information. For more information see National Telecommunications and Information Administration: Public Notices. (Apr. 19, 2010) - EPIC Demands Release of Classified Answers on Privacy and Internet Standards from Cyber Command Nominee
EPIC has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) seeking the "classified supplement" that Director Lt. Gen. Keith Alexander filed with his answers to questions from the Senate Armed Services Committee regarding his nomination to be the Commander of the newly formed United States Cyber Command. Several of Lt. Gen. Alexander's classified responses were to questions regarding the privacy of Americans' communications, and EPIC's request urges the Agency to make the full responses public. EPIC is currently in litigation with the NSA to obtain the secret policy for NSA surveillance authority. For more information, see EPIC Sues NSA to Force Disclosure of Cybersecurity Authority. (Apr. 19, 2010) - Faster FOIA Act Heading for Senate Vote
A bill to improve the speed at which the government processes requests under the Freedom of Information Act (FOIA), called the Faster FOIA Act of 2010, was passed by the Senate Judiciary Committee late last week and has been reported to the full Senate for a vote. The bill was introduced in March by Senators Leahy (D-Vt.) and Cornyn (R-Tx.) and will establish a 16-member commission to conduct a study to determine methods for reducing delays in processing FOIA requests. For more information, see EPIC FOIA Litigation Docket, EPIC FOIA Litigation Manual. (Apr. 19, 2010) - EPIC v. Homeland Security: Government has Over 2,000 Photos from Airport Body Scanners
As a result of a Freedom of Information Act lawsuit, EPIC has obtained hundreds of pages of documents from the Department of Homeland Security about the plan to deploy full body scanners in US airports. A letter to EPIC reveals that the government agency possesses about 2,000 body scanner photos from devices that the DHS said earlier "could not store or record images." EPIC has also obtained the most recent device procurement specifications, and several hundred new pages of traveler complaints. For more information, see EPIC: Whole Body Imaging and EPIC: EPIC v. Department of Homeland Security. (Apr. 16, 2010) - Supreme Court to Hear Arguments in Text Messaging Privacy Case
The Supreme Court will hold oral arguments on Monday, April 19 in City of Ontario v. Quon, a case in which the Court will determine whether a government employer can search the content of text messages sent from an employee's pager. EPIC's has filed a "friend of the court" brief arguing that data minimization practices should be applied to public sector searches because of the Fourth Amendment reasonableness requirement and the fact that communications devices today collect and store detailed personal information, including internet search history, text messages, emails, and locational data. EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States[4], which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon. (Apr. 15, 2010) - Congress Considers Nomination of NSA Director to US Cyber Command, Concerns Remain
The Senate Armed Services Committee will hold a hearing on April 15, to consider the nomination NSA Director Lt. Gen Keith B. Alexander to be the Commander of the US Cyber Command. EPIC has expressed concern about the expanded authority of the NSA within the United States and has specifically requested the public release of NSPD-54, the secret Presidential Directive that allows the NSA to conduct electronic surveillance against US citizens within the United States, prior to the confirmation of Lt. Gen. Alexander. EPIC is seeking this and related document in a Freedom of Information Act lawsuit. For more information, see EPIC Sues NSA to Force Disclosure of Cyber Security Authority. (Apr. 15, 2010) - Senators Raise Privacy Concerns About Current Body Scanner Technology
Three United States Senators have written a letter to Secretary Napolitano of the Department of Homeland Security, urging the Department to reconsider the whole body scanners currently planned for U.S. airports. Senators Collins (R-ME), Kyl (R-AZ), and Chambliss (R-GA) encouraged Secretary Napolitano to consider "auto-detection" devices instead of human screeners to address privacy concerns. The Senators noted that the current technology allows airport officials to "view detailed images of passengers’ bodies" and also that other systems could "save the government and airports money on physical space for screening." For more information, see EPIC: Whole Body Imaging Technology. (Apr. 14, 2010) - Senator Leahy Urges Attorney General to Implement Patriot Act Reforms
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) has sent a letter to Attorney General Eric Holder regarding key privacy safeguards for the PATRIOT Act. The Senate Judiciary Committee passed the PATRIOT Act Sunset Extension Act earlier in the year, which included many reforms, but the full Senate did not act on the measure Because the administration supported the reforms within the bill, Sen. Leahy advised the Attorney General that he can voluntarily adopt many of the reforms even without Congressional action. Senator Leahy expressed particular concern about the possible misuse of National Security Letter authority. Attorney General Holder will appear before the Senate Judiciary Committee on Wednesday, April 14, 2010 for an oversight hearing. For more information, see EPIC: National Security Letters. (Apr. 14, 2010) - No EU-US Agreement on Transfer of EU Financial Data to US or Deployment of Airport Body Scanners
A meeting between top United States counter-terrorism officials and European counterparts ended in Madrid today with no agreement to restart a program that gave the US access to European financial data. The Terrorist Finance Tracking Program operated in secret from 2001 to 2006. European legislators objected to the program as a violation of EU privacy law. There also appeared to be no EU support for the further deployment of body scanners in European airports. EPIC has raised several objections to the body scanner program, including a letter with Ralph Nader to the administration, Congressional Testimony, and open government litigation, which revealed that the devices store and record images. For more information, see EPIC International Privacy Standards, EPIC Lisbon Treaty, EPIC Body Scanners. (Apr. 9, 2010) - Acquisti, Gasser, Harbour, Irion, Jonas, and Kirby Join EPIC Advisory Board
EPIC has announced the 2010 members of the EPIC Advisory Board.They are Alessandro Acquisti, Associate Professor Information Technology and Public Policy, Carnegie Mellon University; Urs Gasser, Executive Director, Berkman Center for Internet and Society; Pamela Jones Harbour, Former Commissioner, FTC; Kristina Irion, Assistant Professor, Center for Media and Communications Studies, Central European University; Jeff Jonas, Chief Scientist, IBM Entity Analytics Group, and Michael Kirby, Former Justice, High Court of Australia. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Press Release. For more information, see EPIC: EPIC Advisory Board. (Apr. 9, 2010) - TSA Concedes Body Scanners Store and Record Images
In response to a Congressional inquiry, led by Congressman Bennie Thompson, the Transportation Security Agency acknowledged that images on body scanner machines would be recorded for "testing, training, and evaluation purposes." The TSA also did not dispute that test mode could be activated in airports, but said this "would" not happen. As part of an ongoing lawsuit, EPIC had previously obtained TSA documents describing the machines' capabilities to store and transmit detailed images of travelers' naked bodies. For more information, see EPIC: Whole Body Imaging Technology. (Apr. 1, 2010) - Inspector General: ID Theft Not a Priority at Justice Department
The Inspector General's Office released a new report on the Department of Justice's Efforts to Combat Identity Theft. The report states that identity theft is a growing problem, but the Justice Department's efforts to combat the crime have "faded as priorities." The Inspector General concludes that the Department has failed to develop a coordinated plan to combat identity theft since a 2007 task force report. In 2007, EPIC proposed a comprehensive strategy to "address the root causes of identity theft: excessive data collection and lax security practices." For more information, see EPIC: Identity Theft. (Mar. 31, 2010) - New Jersey Supreme Court Rules in Favor of Employee Privacy
The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief." For more information see EPIC: Workplace Privacy. (Mar. 30, 2010) - Congressional Leaders Press Obama on Privacy Board
Chairman Bennie Thompson and twenty members of the House of Representatives sent a letter to President Obama seeking the immediate nomination of members to the Privacy and Civil Liberties Oversight Board. The Privacy Board was active during the Bush Administration, but the Obama administration has moved slowly to reconstitute the advisory body. No hearings have been held and no reports have been issued. The board is intended to provide advice on the civil liberty implications of programs that effect the rights of citizens, such as the use of Whole Body Scanners by the TSA, biometic identifiers, and cyber security policy. (Mar. 30, 2010) - Lawmakers Urge FTC to Investigate Google Buzz
Ten House Members have asked the Federal Trade Commission to pursue an investigation into the Google social networking service Buzz, given "Google's practice of automatically using consumers' e-mail address books to create contact lists for Buzz and then publicly disclosing the names of those private contacts" online. The lawmakers also asked the Commission to consider the privacy implications of Google's proposed acquisition of AdMob, the mobile phone advertising company. EPIC has filed a complaint with the FTC, asking the Commission to investigate Google Buzz. Previously, EPIC recommended that the FTC block Google's acquisition of Doubleclick, the banner advertising firm, because of the privacy implications. For more information, see EPIC: In re Google Buzz. (Mar. 29, 2010) - Facebook Announces Changes to Privacy Policy. Again.
Faceboook has announced "another set of revisions" to its privacy policy. The changes appear to make it easier for Facebook to gather locational data on users and to disclose user data to third-party web sites. It also appears that Facebook will make more use of data set to "Everyone." Facebook is soliciting comments on the changes. In December, EPIC filed a complaint with the FTC regarding the last series of changes to the Facebook privacy settings. EPIC, joined by nine other privacy and consumer organizations, said that the "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The FTC responded that the EPIC complaint "raises issues of paricular interest" to the Commission. For more information on the ever-changing Facebook privacy policy, see EPIC Facebook Privacy and EPIC In re Facebook. (Mar. 26, 2010) - Coalition Urges President Obama to Suspend "Digital Strip Search" Program
Civil liberties, consumer rights, air travel, and religious organizations have asked President Obama to "suspend the further deployment of body scanners in US airports." The organizations said that the scanners are "contributing to a negative perception of the United States" and noted the "sincerely held religious opposition to the digital undressing of air travelers by TSA officials." For more information, see EPIC: Whole Body Imaging, Stop Digital Strip Searches, and Privacy Coalition. (Mar. 26, 2010) - GoDaddy Pulls out of China over Privacy Risks to Users
GoDaddy, the world’s largest internet domain name registrar, will no longer register domain names in China, due to new government rules for monitoring Internet use. China now requires every domain name registrant to provide photographs, business information, signed registration forms, and business registration numbers to the China Internet Network Information Center, a quasi-government agency. GoDaddy General Counsel Christine N. Jones stated, “The intent of the procedures appeared, to us, to be based on a desire by the Chinese authorities to exercise increased control over the subject matter of domain name registrations by Chinese nationals.” EPIC supports privacy for web site registrants and has worked with GoDaddy in the past to urge the US National Telecommunications and Information Administration to safeguard the right of Internet users to maintain private web site registrations. For more information on EPIC and domain name privacy, see EPIC: WHOIS. (Mar. 26, 2010) - Following EPIC FOIA Request, Homeland Security Releases Privacy Study of Cybersecurity Project
The Department of Homeland Security (DHS) Privacy Office has released an unclassified version of the Privacy Impact Assessment (PIA) for the Initiative Three Exercise, a pilot exercise for the classified cybersecurity tool known as "EINSTEIN 3." EINSTEIN 3 is the next generation of the U.S. Computer Emergency Readiness Team's intrusion detection and prevention system for the federal government, which will involve active monitoring of all network traffic to and from federal agencies. DHS has not released the full, classified PIA for the tool in either complete or redacted form, but instead drafted a different version for release to the public. For more information, see EPIC Deep Packet Inspection, EPIC Critical Infrastructure Protection (Mar. 26, 2010) - Worker Biometric ID Under Consideration in US
Senators Charles Schumer and Lindsey Graham have proposed a new national identity card. The Senators would require that "all U.S. citizens and legal immigrants who want jobs" obtain a "high-tech, fraud-proof Social Security card" with a unique biometric identifier. The card, they say, would not contain private information, medical information, or tracking techniques, and the biometric identifiers would not be stored in a government database. EPIC has testified in Congress and commented to federal agencies on the privacy and security risks associated with national identification systems and biometric identifiers. For more information, see EPIC: National ID and the REAL ID Act, EPIC: Biometric Identifiers, and the Privacy Coalition’s Campaign Against REAL ID. (Mar. 24, 2010) - State Legislators Vote Against Body Scanners
The Idaho House of Representatives has voted to limit use of digital strip search machines. The 58-9 vote sends Bill 573 to the Idaho Senate, which will vote on the anti-body scanner measure. The bill would bar body scanners as primary screening, require security officers to offer an alternative search, and mandate an independent investigation into the scanners' health risks. The bill's sponsor, Rep. Phil Hart, said “It’s my opinion that the use of these devices to screen every individual … would be an unreasonable search of those persons." For more, see EPIC Whole Body Imaging and EPIC Travel Privacy. (Mar. 23, 2010) - Federal Appeals Court to Hear Arguments in SSN Free Speech Case
The Fourth Circuit Court of Appeals will hold oral arguments on Tuesday, March 23 in the case of Ostergren v. McConnell. Betty Ostergren runs a website that republishes Social Security Numbers, collected from public records, to persuade Virginia lawmakers to stop releasing documents that reveal Social Security Numbers. EPIC filed a "friend of the court" brief in October, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Social Security Numbers. (Mar. 22, 2010) - PRIVACY.ORG Relaunches with New Features
PRIVACY.ORG, the first web site devoted exclusively to privacy issues, has a new look and new tools. PRIVACY.ORG provides daily updates on privacy stories in the news. PRIVACY.ORG features a Twitter news feed with all #privacy tweets. And PRIVACY.ORG highlights important campaigns, such as the current effort to suspend the deployment of airport body scanners. Twitter, Facebook, digg, Technorati, del.icio.us, and Linked In users can tag items to share with others. Researchers, reporters, policy makers, and consumers have helped make PRIVACY.ORG the top-ranked privacy site online today. Privacy.org is a joint project of the Electronic Privacy Information Center (EPIC) and Privacy International. (Mar. 22, 2010) - EPIC Files Supreme Court Brief in Electronic Privacy Case
EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of public employees who use electronic communications devices. In City of Ontario v. Quon, the Supreme Court has been asked to determine whether a government employer can search the content of text messages sent from an employee's pager. EPIC's brief argues that data minimization practices should be applied to public sector searches because of the Fourth Amendment reasonableness requirement and the fact that employer-issued devices collect and store detailed personal information, including internet search history, text messages, emails, and locational data. EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States, which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon. (Mar. 22, 2010) - EPIC Recommends That Congress Suspend Body Scanning Program
In testimony before the House Committee on Homeland Security, EPIC President Marc Rotenberg urged Congress to halt the plan to deploy body scanners in the nation's airports. "Based on the documents we've obtained, the views of experts, the concerns of American, and the extraordinary cost, Congress should suspend the program," said Mr. Rotenberg. In a recent letter to President Obama, EPIC and Ralph Nader recommended an independent review to assess health impacts, privacy safeguards, and the actual effectiveness of the devices. Through FOIA litigation, EPIC has obtained technical specifications, vendor contracts, and hundreds of complaints from US air travelers about the body scanners (Part 1, Part 2, Part 3, Part 4, Part 5). A recent report from the GAO has also raised questions about the effectiveness and cost of the devices. For more information, see EPIC Whole Body Imaging and EPIC Air Travel Privacy. (Mar. 18, 2010) - FCC Release National Broadband Plan, Privacy Strategy Unclear
The Federal Communications Commission (FCC) released its National Broadband Plan today. The FCC notes that “many users are increasingly concerned about their lack of control over sensitive personal data" and warns that "Innovation will suffer if a lack of trust exists between users and entities with which they interact over the internet.” The FCC makes several recommendations, but there is no clear plan to address growing concerns about cloud computing, smart grids and unfair and deceptive trade practices. Last year, EPIC urged the FCC to develop a comprehensive strategy for online privacy as part of the national broadband strategy. (Mar. 17, 2010) - EPIC Recommends Effective Consumer Privacy Standards, Calls Notice and Choice a "Failed Experiment"
At the third FTC Privacy Roundtable, EPIC senior counsel John Verdi will recommend that the Commission push forward with effective and meaningful privacy safeguards for American consumers. Mr. Verdi will say that the "notice and choice" approach has failed, and will recommend that the FTC enforce Fair Information Practices, such as the OECD Privacy Guidelines. The discussion can be viewed via webcast. Additional information on the FTC roundtable event can be found here. For more information, see EPIC In re Google Buzz, EPIC In re Facebook, and EPIC In re Google and Cloud Computing. (Mar. 17, 2010) - Senators Leahy and Cornyn Introduce Bill to Reduce FOIA Delays
Senators Patrick Leahy and John Cornyn introduced the Faster FOIA Act, which would establish a panel to examine agency backlogs in processing FOIA requests. Government reports reveal substantial agency delays in disclosing FOIA records. The bill comes at the beginning of Sunshine Week, a national observance of the importance of open government. EPIC makes frequent use of the FOIA to obtain information about privacy issues. EPIC celebrated Sunshine Week by publishing the EPIC FOIA Gallery: 2010. For more, see EPIC: Open Government and EPIC Bookstore: FOIA. (Mar. 16, 2010) - EPIC Publishes 2010 FOIA Gallery
In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2010. The gallery highlights key documents obtained by EPIC in the past year, including records detailing the privacy risks posed by airport body scanners, fraudulent "parental control" software, and federal agencies' contracts with social networking web sites. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA. (Mar. 16, 2010) - EPIC to Testify in Congress on Airport Security
EPIC has been asked to testify before the Subcommittee on Transportation Security and Infrastructure Protection on Wednesday, March 17, 2010. The hearing will examine "An Assessment of Checkpoint Security: Are Our Airports Keeping Passengers Safe?" EPIC is expected to discuss the documents it has recently obtained in an open government lawsuit against the DHS. For more information, see EPIC: Whole Body Imaging. (Mar. 15, 2010) - Netflix Cancels Contest over Privacy Concerns
Netflix canceled its second $1 million Netflix Prize after privacy concerns from the FTC and a federal lawsuit alleging invasion of privacy and violations of the Video Privacy Protection Act. The Netflix contest challenged contestants to find a superior movie-recommendation algorithm from “anonymized” datasets that included movie ratings, date of ratings, unique ID numbers for Netflix subscribers, and movie information. In 2006, during the first Netflix Prize contest, researchers conducted a study that revealed if a person has information about when and how a user rated six movies, that person can identify 99% of people in the Netflix database. After productive discussions with the FTC over reidentification concerns which stemmed from this study, Netflix and the federal agency reached an understanding on how Netflix would use user data in the future. Netflix also settled the VPPA lawsuit. For more information, see EPIC: Reidentification. (Mar. 15, 2010) - Independent Open Government Audit Finds Mixed Results for Obama Administration
The National Security Archive at George Washington University has released the results of its annual government-wide FOIA audit. The audit tested agency responsiveness to President Obama's new directives on government transparency and openness. The Archive report concluded that less than half of federal agencies have responded to the new open government directives with concrete changes, and only four agencies "show both increases in releases and decreases in denials under the FOIA." Attorney General Eric Holder spoke today about the administration's FOIA record. For more information, see EPIC Open Government. (Mar. 15, 2010) - EPIC Recommends Privacy Safeguards for Smart Grid Services
In formal comments, EPIC urged the California Public Utility Commission to adopt privacy safeguards for Smart Grid systems to protect consumer electricity usage information from unauthorized collection, use, and disclosure. Smart Grid networks uniquely identify individual electrical appliances, and create new privacy risks. EPIC recommended that policies be established to protect consumer data, including limitations on data collection, new security standards, and independent oversight. For more information, see EPIC: Smart Grid. (Mar. 12, 2010) - Massachusetts Data Protection Law Goes into Effect
Massachusetts’s new data protection law went into effect at the beginning of March. The law applies to all companies that own or license the personal information of Massachusetts residents. According to the new regulations, companies are now required to create a comprehensive security program that details how personal information will be safeguarded. Governor Deval Patrick stated, “Consumers should feel confident that their personal information is protected, and not exposed to loss or theft. These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.” For more information on privacy and identity theft, see EPIC: Identity Theft. (Mar. 10, 2010) - German Court Declares Data Retention Law Unconstitutional
On March 2, 2010, the German Federal Constitutional Court ruled that a law allowing law enforcement authorities to store telephone and Internet data is inconsistent with the right to privacy under the German Constitution. The law allows data on calls and e-mail exchanges to be retained for six months, and made available for use by criminal authorities. The court found that the law went beyond the original intent of the directive the European Union enacted in March 2006. EPIC has documented the impact of data retention requirements. For more information, see EPIC’s webpage on data retention. (Mar. 9, 2010) - EPIC v. DHS: EPIC Obtains Complaints About Airport Body Scanners
In response to an EPIC Freedom of Information Act lawsuit, the Department of Homeland Security and the Transportation Security Administration (TSA) released more documents about body scanners in US airports. The documents include many complaints from travelers who went through the devices. Travelers reported that they were not told about the pat down alternative or that they were going to be subject to a body scan by TSA officials. Travelers also expressed concern about radiation risks to pregnant women and the image capture of young children without clothes. EPIC has previously obtained whole body imaging vendor contracts, operational requirements, and procurement specifications from TSA. EPIC and Ralph Nader have urged President Obama to suspend the program until an independent review is completed. For more information see EPIC: Whole Body Imaging Technology. (Mar. 8, 2010) - EPIC Google Buzz Complaint Raises “A Number of Privacy Concerns” for the FTC
The FTC has sent a letter to EPIC regarding the February 2010 EPIC complaint about Google’s recently launched social networking tool, Google Buzz. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises interesting issues that relate to consumer expectations about the collection and use of their data.” Further, the FTC Director highlights the importance of having consumers “understand how their data will be used” and allowing consumers the “opportunity to exercise meaningful control over such uses.” EPIC has since filed an amended complaint with the FTC that describes how Google Buzz violated Google’s own privacy policy for Gmail. For more information, see EPIC: In re Google Buzz. (Mar. 8, 2010) - Senate Holds Hearing on Internet Freedom
The Judiciary Subcommittee on Human Rights and the Law held a hearing on "Global Internet Freedom and the Rule of Law," which focused on information technology industry business practices in countries that restrict the internet . The Senate hearing came one month after Secretary Clinton delivered a speech on internet freedom. Following the speech, EPIC and 29 experts of technology and privacy wrote a letter to Secretary Clinton, urging the United States to begin the process of ratifying the Council of Europe Convention on Privacy, which seeks to protect fundamental human rights as technology advances. EPIC made the same recommendation in statements for the record for a House hearing on Google and U.S. Cyberspace Policy, and for the Senate hearing on Internet Freedom. For more information, see Letter from State Department regarding Clinton Letter and EPIC’s NSPD-54 complaint. (Mar. 5, 2010) - Senate Confirms Julie Brill as FTC Commissioner
The Senate confirmed Julie Brill, former Vermont Assistant Attorney General, to fill a vacancy for FTC Commissioner. Brill served for over 20 years as Vermont’s Assistant Attorney General for Consumer Protection and Antitrust, and currently serves as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. Brill has had experience with several important consumer protection issues, including tobacco, food and drug, antitrust, and privacy and identity theft. Senator Leahy (D-VT) expressed support for Brill’s confirmation, proclaiming, “We again have an FTC that is on the side of the consumers. Julie Brill will help revitalize an FTC that has languished while consumers’ interests have given way to special interests.” (Mar. 4, 2010) - EPIC Files Supreme Court Brief for Petitioner Privacy
EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of those who sign petitions. In Doe v. Reed, the Court has been asked to determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC's brief argues that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. For more information, see EPIC Doe v. Reed. (Mar. 3, 2010) - White House Publishes Outline of Cyber Security Policies
The White House announced today that it has made a description of the Comprehensive National Cybersecurity Initiative (CNCI) available online for public viewing. The12 CNCI initiatives cover a wide range of government activity, from cyber education to intrusion detection. However, the text of the underlying legal authority for cybersecurity still remains secret. EPIC has been involved in ongoing litigation regarding a Freedom of Information Act request for the text of the critical cybersecurity document NSPD 54 that President Bush signed in 2008. For more information, see EPIC: EPIC Sues NSA to Force Disclosure of Cyber Security Authority and EPIC: EPIC Seeks Records on Google-NSA Relationship. (Mar. 2, 2010) - EPIC Files Amended Complaint on Google Buzz
EPIC has filed a supplement to its earlier complaint with the Federal Trade Commission, urging the FTC to investigate Google Buzz. EPIC's original complaint cited clear harms to service subscribers, and alleges that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws." EPIC's supplemental complaint elaborates on the specific ways in which Google Buzz constituted a violation of Google's stated Privacy Policy for Gmail. For more information, see EPIC: In re Google Buzz. (Mar. 2, 2010) - Supreme Court: Privacy Lawsuit Against Hustler Can Go Forward
Today the Supreme Court of the United States issued an order that will allow a privacy case against the Hustler Magazine to continue in lower courts. In March of 2008, less than a year after she was murdered by her wrestler husband, naked photos of Nancy Benoit were published in the magazine. Nancy Benoit's mother Maureen Toffoloni, sued the magazine, claiming that her daughter had asked immediately after the shoot to have the photos and video destroyed and believed that photographer Mark Samansky had done so. Hustler magazine asked the court to dismiss the action, arguing that publication of the pictures was protected by the First Amendment. The Appeals Court ruled against Hustler magazine in June, allowing the lawsuit to go forward. Hustler appealed the decision and the Supreme Court let stand the lower court's ruling. (Mar. 1, 2010) - The GAO Calls for Further Analysis Before Deploying Whole Body Imaging Machines
The Government Accountability Office (GAO) recently released a report regarding the deployment of body scanners. The GAO cited its 2009 recommendations to the Transportation Security Administration (TSA): that the TSA conduct operational tests to ensure that the whole body imaging machines are reliable, and the that TSA conduct an assessment of the whole body imaging machines' vulnerabilities. In its latest report, the GAO warned TSA of the importance of full operational tests, citing the puffer machine debacle as an example of the government waste that results from insufficient operational testing. The GAO also expressed concern over TSA's lack of complete risk assessments and inability to "provide documentation to show how they have addressed the concerns raised in the 2009 GAO report regarding the susceptibility of the technology to terrorist tactics." Because of this, the GAO concluded that it is unclear whether the body scanners or other technologies would have detected the weapon used in the December 25 attempted attack. For more information, see EPIC: Whole Body Imaging Technology and Body Scanners. (Mar. 1, 2010) - Judge Waits to Decide on Proposed Settlement in Facebook Privacy Case
Following a hearing last week, U.S. District Court Judge Seeborg reserved decision about the approval of Facebook’s proposed 9.5 million dollar settlement in a case involving Facebook Beacon. According to the settlement terms, Facebook would contribute about $6 million to the establishment of a privacy organization. Facebook, however, would maintain control over this organization, as Facebook's top lobbyist would become co-President and all significant decisions would require a unanimous vote. EPIC and several other privacy organizations, including the Consumer Federation of America and the Privacy Rights Clearinghouse, have written a letter to Judge Seeborg, ask him to reject the settlement as proposed. For more information, see EPIC: Facebook Privacy. (Mar. 1, 2010) - Congress Renews PATRIOT Act without Privacy Amendments
After months of debate, Congress has voted to extend the three expiring provisions of the USA PATRIOT Act for one year with no alteration. The provisions, concerning business records, roving wiretaps, and "lone wolf" investigations, give federal law enforcement agencies broad powers to gather information on Americans. Both the Senate and House Judiciary committees proposed bills to renew these provisions with reforms that would establish greater oversight, but neither bill went to a floor vote. For more information, see EPIC PATRIOT Act, EPIC PATRIOT Act Extension. (Mar. 1, 2010) - Study Ranks Top 20 Companies for Privacy in 2010, Facebook Drops Off List
Ponemon Institute released its annual study identifying the top twenty companies that are most trusted for privacy. American Express was ranked first, earning the Most Trusted for Privacy distinction for the fifth year in a row. Facebook suffered several privacy missteps over the last year, including a recent change in privacy settings at the end of 2009, and as a result, failed to make the 2010 list. Google, however, returned to the Top 20, ranked at 13. The survey also produced significant findings regarding consumer attitudes towards privacy, including the finding that consumers feel they are losing control over their personal information. Further, the responses revealed that consumers’ fear of identity theft is the main factor for brand trust diminishment, while a company’s implementation of privacy features contribute to brand trust. Other significant positive factors were limits on the collection of personal information and online anonymity. (Feb. 26, 2010) - Ralph Nader and EPIC's Marc Rotenberg Urge President Obama to Suspend Whole Body Scanning Program
In a letter to the White House, consumer advocate Ralph Nader and EPIC President Marc Rotenberg have asked President Obama to suspend the deployment of body imaging devices until "a comprehensive evaluation of the devices' effectiveness, health impacts, and privacy safeguards is completed by an independent board of review." Mr. Nader and Mr. Rotenberg point to a recent workshop at which experts noted that the devices are ineffective, that health risks have not been assessed, and that the TSA has misrepresented the privacy safeguards. They also said that air travelers subject to secondary screening who are actually familiar with the capabilities of body scanners would prefer a pat-down search to a body scan for both privacy and religious reasons. European governments are currently undertaking a three-month review of the body scanner proposal. For more information see EPIC: Whole Body Imaging. (Feb. 24, 2010) - EPIC Urges Congress to Adopt Privacy Safeguards for Locational Data
Today, EPIC submitted comments for an upcoming joint hearing on "The Collection and Use of Location Information for Commercial Purposes." EPIC cited the growing uses of location data for advertising and tracking purposes, typically without any legal protections, and noted widespread support among US and European consumer organizations for clear protections. EPIC recommended that Congress establish strong rules, similar to those in the European Union Eprivacy Directive, that would give users meaningful control over their locational data. EPIC had previously recommended that the F.C.C. establish guidelines for the protection of users' locational privacy. For more information, see EPIC: CPNI. (Feb. 23, 2010) - Pew Research Center Releases New Report on Future of the Internet
The Pew Research Center has released its fourth annual "The Future of the Internet" report. The report, part of the Center's Internet and American Life Project, surveyed the views of technology experts, stakeholders, and critics regarding their expectations about the changes and the future of the internet. When asked to share his view "about the future of anonymous activity online," EPIC Executive Director Marc Rotenberg explained, "The privacy and civil liberties battles over the next decade will increasingly focus on the growing demands for identity credentials. New systems for authentication will bring new problems as more identity information will create new opportunities for criminals." (Feb. 19, 2010) - EPIC and Ralph Nader Host Event on Body Scanners
Today the Center for the Study of Responsive Law (CSRL) and EPIC hosted an event: “Airport Body Scanners Under the Microscope: Not Such a Pretty Picture.” The event featured keynote speeches by Ralph Nader and Marc Rotenberg, president of EPIC. The event also included two panels, the first of which focused on the problems with body scanners, and the second of which dealt with the political opportunities that exist to combat the widespread utilization of the scanners. The event included talks by experts on radiation, airport security, religious and constitutional ramifications of whole body imaging, and the international response to whole body imaging machines. EPIC Staff Counsel, Ginger McCall, discussed documents that EPIC recently received that reveal that the machines can store and transmit images. Katitiza Rodriguez, director of EPIC’s International Privacy Project, discussed the EU’s decision to postpone the use of these machines until a full privacy and health risk assessment can be completed. For more information see: EPIC: Whole Body Imaging. (Feb. 19, 2010) - EPIC Urges Court to Reject Google Books Settlement, Warns that Privacy Problems Cannot Be Fixed
In federal district court in New York, EPIC President Marc Rotenberg urged Judge Denny Chin to reject the revised settlement now before the court in Authors Guild v. Google. Mr. Rotenberg said that the settlement would "turn upside down" well established safeguards for reader privacy, including state privacy laws, library confidentiality obligations, and the development of techniques that minimize privacy intrusions. Mr. Rotenberg warned that the settlement would eviscerate legal safeguards for library patrons, commercialize access to information, consolidate Google's control of the Internet, and put in place an elaborate system of user authentication and watermarking. "A person at any library or any university in the United States that attempted to retrieve information from Google's digital library would be uniquely tagged and tracked. There is simply no precedent for the creation of such power." For more, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy, EPIC: Google Books Hearing Press Release. (Feb. 19, 2010) - EPIC Urges Federal Trade Commission to Investigate Google Buzz
EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Google Buzz. Last week, Google tried to transform its popular email service into an untested social networking service. As a consequence, Google displayed social networking lists based on a user's most frequent address book contacts. The change was widely criticized. EPIC's complaint cites clear harms to service subscribers, and alleges that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws." EPIC also noted that the FTC has failed to take action in another matter involving Google and Cloud Computing services. For more information, see EPIC: In re Google Buzz and EPIC: Google Buzz Press Release. (Feb. 16, 2010) - European Parliament Rejects Data Disclosure Deal
Dealing a clear setback to US efforts to spy on the private lives of European citizens, the European Parliament has voted 378 to 116 to end an agreement that would give US officials direct access to European financial records through the SWIFT banking system. Privacy International began a campaign in 2006 to stop the transfer of data, which violated European privacy laws and was described by European lawmakers as "disproportionate" and lacking reciprocity. (Feb. 13, 2010) - Federal Appeals Court Hears Arguments in Location Privacy Case
The Third Circuit Court of Appeals considered this week whether the government must obtain a warrant prior to obtaining location data from an electronic communications service provider. The case centers on access to cellphone records that were used to help crack a bank robbery investigation In a related case, the Massachusetts Supreme Court recently held that a warrant would be required for the use of a GPS tracking device. EPIC filed an amicus brief in that case. For information see EPIC Commonwealth v. Connolly. (Feb. 13, 2010) - EPIC to Defend Readers' Privacy at Google Books Hearing
On February 18, 2010, EPIC President Marc Rotenberg will appear in federal court in New York to represent readers' privacy and right to read anonymously. EPIC will urge Judge Chin to reject Google's deal with publishers, which requires readers to provide sensitive personal information to view digital books offered by Google, but fails to protect their privacy. EPIC previously moved to intervene in the case, observing that readers' interests are not represented, and warning that the settlement "threatens well-established standards that safeguard intellectual freedom," "imperils longstanding Constitutional rights," and "threatens to eviscerate state library privacy laws that safeguard library patrons in the United States." For more, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy. (Feb. 9, 2010) - EPIC Statement to Congress on Google, NSA, and Cybersecurity
EPIC has submitted a statement for the record for a House Foreign Affairs Committee hearing on Google and U.S. Cyberspace Policy. EPIC's statement recommends investigation into the newly-announced partnership between Google and the National Security Agency and the public release of the secret document that grants the NSA broad surveillance authority in cyberspace. The EPIC statement also urges the Congressional Committee to support US ratification of the Council of Europe privacy convention. For more information, see EPIC Critical Infrastructure Protection, Experts' Letter to Secretary Clinton on the Council of Europe Convention. (Feb. 9, 2010) - Revised Google Books Settlement Fails to Fix Key Problems
Even after revisions, the Google Books Settlement still fails to address antitrust, privacy, and copyright concerns, according the the US Justice Department, privacy advocates, and academic authors.On February 4, the Justice Department filed a brief and issued a statement opposing the revised settlement. The Department said the revisions still ran afoul of authors' copyrights and did not fix antitrust problems. EPIC also continues to object to the settlement because it does not contain adequate privacy protections for readers. On February 4, EPIC informed the court of its intent to appear at the February 18 Fairness Hearing on behalf of users' privacy interests. For more information, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy. (Feb. 5, 2010) - FCC Commits to Protecting Consumers in FY 2011 Performance Plan
The Federal Communications Commission (FCC) released its FY 2011 budget request and performance plan. The FCC requests funding for furthering cybersecurity, implementing the National Broadband Plan, revamping the FCC's data systems and processes, and modernizing the agency's communications tools and expertise. The FCC prioritizes implementation of the National Broadband Plan and protection of consumers in the agency's performance goals. Objectives with respect to consumers include addressing 100% of complaints filed with the Commission alleging violations of the Communications Act and taking appropriate action within 15 months, rigorously enforcing the Telephone Consumer Protection Act, and ensuring "through litigation where necessary, that consumers are protected from anticompetitive practices." (Feb. 4, 2010) - EPIC Seeks Records on Google-NSA Relationship
Today EPIC filed a Freedom of Information Act request with the National Security Agency, seeking records regarding the relationship between Google and the NSA. The press reported that Google and the NSA have entered into a partnership following a recent hacker attack on Google originating from China. The EPIC FOIA request also seeks NSA communications with Google regarding Google's failure to encrypt Gmail and cloud computing services. In March 2009, EPIC filed a complaint with the Federal Trade Commission urging it to investigate the adequacy of Google's cloud computing privacy and security safeguards. Today EPIC also filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. For more information, see EPIC FOIA Litigation and EPIC Cloud Computing. (Feb. 4, 2010) - EPIC Sues NSA to Force Disclosure of Cyber Security Authority
EPIC has filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. The document, National Security Presidential Directive 54 grants the NSA broad authority over the security of American computer networks. The agencies violated the Freedom of Information Act by failing to make public the Directive and related records in response to EPIC's request. EPIC's suit asks a federal judge to require the release of the documents. Congress is currently debating cyber security policy. For more information, see EPIC FOIA Litigation, EPIC Critical Infrastructure Protection. (Feb. 4, 2010) - Federal Trade Commission Sets out Priorities But Lacks Strategy for Privacy Protection
The Federal Trade Commission released the Congressional budget justification summary for FY 2011 and performance plan for FY 2010-11. The FTC documents list three strategic goals: protect consumers, maintain competition, and advance performance. Objectives include improving consumer education, identifying and stopping “fraud, deception and unfair practices,” and “protecting American consumers in the global marketplace.” Although the FTC Implementation Plan includes the development of approaches to implement OECD Guidelines on consumer protection in the context of electronic commerce, there is no mention of implementing OECD Guidelines on privacy protection. (Feb. 4, 2010) - Federal Budget Announced for Fiscal Year 2011, Surveillance Projects Scrutinized
The Office of Management and Budget has released the federal budget for fiscal year 2011. The budget proposes funding for several new surveillance initiatives, including over $700 million to the Department of Homeland Security for "Passenger Aviation Security". The Department would like to purchase 500 body scanner machines for U.S. airports, bringing the projected total number of machines to 1,000 at a cost of over $200 million by the end of 2011. The new budget also includes several hundred million dollars for the Department of Justice's national security programs, which were recently the subject of a critical Inspector-General's report for improper use of authority. For more information, see EPIC DHS and Privacy, EPIC Domestic Surveillance, EPIC Air Travel Privacy, and EPIC Whole Body Imaging. (Feb. 3, 2010) - Facebook Users Object to Beacon Settlement
Facebook users filed papers in federal court objecting to a proposed deal that would extinguish the company's liability for disclosing personal information in violation of federal law. Users criticized the class action settlement, stating "the class receives no meaningful relief." Other objectors alleged "in effect, Facebook is paying itself the benefit but class members are releasing their individual privacy claims." EPIC previously submitted a letter to the judge hearing the case. EPIC's letter opposes the settlement and proposes alternatives that would enable stronger privacy safeguards for Facebook users in the future. For more information, see EPIC Facebook Privacy, EPIC Harris v. Blockbuster. (Feb. 2, 2010) - Homeland Security Releases Annual FOIA Report
The Department of Homeland Security has released the 2009 Freedom of Information Act Report. The report shows that the Department processed over 160,000 requests in the past year, with 27,182 requests remaining pending. Of the requests processed, 11% were granted in full, 60% were classified as "partial grants/partial denials," and the remaining 29% were denied in full. The overwhelming majority of backlogged requests and appeals are pending at the Customs and Immigration Service. For denied requests with processed appeals, nearly 30% were fully reversed on appeal, and another 32% were reversed in part. EPIC currently has two FOIA cases pending against the Department relating to its use of Body Scanner machines. For more information, see EPIC v. DHS, EPIC FOIA Litigation Docket. (Feb. 1, 2010) - EPIC Urges Increased Privacy for "Global Entry" Registered Traveler Program
On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Jan. 28, 2010) - EPIC Honors Michael Kirby
EPIC presented the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980. The OECD Guidelines consist of eight principles that have provided the basis for national laws, international agreements, and privacy frameworks that have been adopted around the world. "The international privacy community owes Justice Kirby a huge debt for his critical role working with leading experts from North America, Europe and Asia to develop the Guidelines,” said Jennifer Stoddart, Privacy Commissioner of Canada. The Award will be presented to Justice Kirby at the OECD in Paris on March 10, 2010. The 2009 EPIC International Privacy Champion Award was given to Italian jurist Professor Stefano Rodota. The 2010 EPIC US Privacy Champion Award was given to Beth Givens, founder and director of the Privacy Rights Clearinghouse in San Diego, California. (Jan. 28, 2010) - EPIC Urges FTC to Protect Users' Privacy On Cloud Computing and Social Networking Services
EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission's “lack of leadership and technical expertise.” EPIC's comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy. (Jan. 28, 2010) - Experts Urge Secretary Clinton to Act on International Privacy Convention
Twenty-nine experts in privacy and technology have sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. More than forty countries have ratified the Convention, which was opened for signature on January 28, 1981. The letter calls attention to Secretary Clinton's recent remarks on Internet Freedom and the Madrid Declaration in which civil society groups have urged countries that have not yet ratified the Council of Europe Convention to do so as soon as possible. The signatories state, "privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all." (Jan. 28, 2010) - EPIC Honors US Privacy Advocate Beth Givens
EPIC has given the 2010 US Privacy Champion Award to Beth Givens, the founder and director of the Privacy Rights Clearinghouse in San Diego, California. Established in 1992 to provide information to consumers about privacy issues and to advocate on behalf of consumers, the Privacy Rights Clearinghouse has emerged as a leading defender of privacy rights in the United States. The Privacy Rights Clearinghouse provides extensive services to consumers and makes privacy fact sheets available in both English and Spanish. In receiving the award from EPIC, Ms. Givens was recognized as a "tireless champion for the rights of consumers." (Jan. 27, 2010) - Experts to Speak at National Press Club about Body Scanners
Leading privacy law scholars Anita Allen and Jeffrey Rosen, acclaimed author and surveillance authority James Bamford, world renowned security technologist Bruce Schneier, and EPIC President Marc Rotenberg will be at the National Press Club, on Monday, January 25 at 8:30 a.m. for a panel discussion on "Body Scanners and Privacy." The event takes place as Congress is in the middle of hearings to determine whether to deploy full body imaging devices in US airports. (Jan. 24, 2010) - European Union Rejects US Demands on Body Scanners
EU President Alfredo Perez Rubalcaba announced today that European countries would not rush to install body scanners as the United States has urged. He said that there will first be studies to determine whether the devices "are effective, do not harm health, and do not violate privacy." The European countries have agreed that they will adopt a unified position on the body scanner proposal. European Minister Viviane Reding stated that "Europe's need for security cannot justify an invasion of privacy. Our citizens are not objects: they are human beings." Previous post-9/11 disputes between the US and the EU have involved the transfer of Passenger Name Records and financial information. The European position in the current dispute is strengthened by the recent adoption of the Lisbon Treaty and the entry into force of the Charter of Fundmental Rights. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.” For more information, see EPIC: Whole Body Imaging Technology. (Jan. 21, 2010) - Inspector General Finds "Egregious Breakdown" in FBI Oversight
The Department of Justice Office of the Inspector General has issued a report on the FBI's use of "exigent letters" and other means to obtain telephone records from three unnamed phone companies. The 300-page report concludes that many of the FBI's practices "violated FBI guidelines, Department policy," and the Electronic Communications Privacy Act. The report also found that "the FBI sought and acquired reporters' telephone toll billing records and calling activity information" through improper means. The report concludes that "the FBI's initial attempts at corrective action were seriously deficient, ill-conceived, and poorly executed" and makes several recommendations for improvement. In a 2007 letter to the Senate Judiciary Committee, EPIC recommended that the FBI's National Security Letter authority be repealed. For more information, see EPIC National Security Letters. (Jan. 21, 2010) - Congress Begins Hearings on the "Trouser Bomber" and Intelligence Reform
The Senate Judiciary Committee and the Senate Committee on Homeland Security opened hearings today on airline security and the intelligence failure on December 25. Questions about privacy and civil liberties were raised frequently by senators. Specifically, senators asked about the adequacy of privacy safeguards for the body scanners, database profiling, biometric identification, and the status of the President's Civil Liberties and Privacy Oversight Board. According to documents obtained by EPIC through a Freedom of Information Act request, the body scanners ordered by the TSA are designed to store and record images of American air travelers. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.” (Jan. 20, 2010) - Microsoft to Delete Search Data after Six Months, Following Recommendation by European Privacy Officials
In order to comply with European privacy law, Microsoft announced that it will delete user search data, including IP addresses, after six months. In 2008 the Article 29 Working Group, which includes data protection officials across the European Union, met with Microsoft, Google, and Yahoo to discuss their data retention practices. Following a determination that records are subject to European privacy law, the Article 29 Working Group asked the search engine companies to eliminate online user data, including IP addresses and search queries, after six months. Microsoft will redesign its new Bing search engine to comply with the request. It is unclear at this point what Google and Yahoo will do. In early 2008, EPIC urged the European Parliament to protect the privacy of search histories. For more information, see EPIC: Search Engine Privacy. (Jan. 20, 2010) - EPIC, Privacy Groups Oppose Facebook Settlement
EPIC and other privacy groups sent a letter to the federal judge overseeing a class-action settlement against Facebook in California, opposing the settlement as unfair and unreasonable. As proposed, the settlement does not provide any benefit for Facebook users whose private data was illegally exposed by Facebook "Beacon." Instead, the deal would create a new "privacy foundation" subject to Facebook's influence. Fair settlements typically provide compensation to class members or a remedy that addresses the underlying harm, which in this case was a violation of federal privacy law. The letter from EPIC proposes alternatives that would enable stronger privacy safeguards for Facebook users in the future. For more information, see EPIC Facebook Privacy, EPIC Harris v. Blockbuster. (Jan. 19, 2010) - EPIC’s Facebook Complaint of "particular interest" to FTC
The FTC has sent a letter to EPIC regarding the December 2009 complaint, submitted by privacy organizations, about Facebook’s recent changes to user privacy settings. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises issues of particular interest” for the FTC. Further, Vladeck stresses the importance of providing “transparency about how this data is being handled, maintained, shared, and protected . . . .” The Commission, however, cannot confirm or deny whether an investigation has been launched. The letter came one day before EPIC filed a supplemental complaint regarding Facebook’s privacy practices. For more information, see EPIC: In re Facebook. (Jan. 19, 2010) - Canadian Privacy Commission to Investigate Facebook
Canada’s Privacy Commissioner Jennifer Stoddart has launched an investigation into the information collection and use practices of online social networking sites. This investigation is being conducted as the Parliament prepares to review the Personal Information Protection and Electronic Documents Act. Stoddart plans to examine “issues that we feel pose a serious challenge to the privacy of consumers, now and in the near future,” and to foster discussions about "the impact of these technological developments on privacy." This is not the first time the Commissioner has investigated the information practices of Facebook. In August 2009, Facebook made several changes to its privacy policy, following recommendations by the Commissioner and a complaint filed by the Canadian Internet Policy and Public Interest Clinic. For more information, see EPIC: Facebook Privacy and EPIC: Social Networking Privacy. (Jan. 19, 2010) - Privacy Groups File Amended Complaint regarding Facebook
EPIC and several other groups filed a supplement to the groups' original complaint with the Federal Trade Commission concerning Facebook’s recent privacy changes. The new complaint provides additional evidence of Facebook’s unfair and deceptive trade practices relating to Facebook CEO's public statements, the most recent version of the Facebook for iPhone application, Facebook Connect, and "web-suicide" applications. The complaint also offers numerous examples of media stories and blog posts in support of an investigation by the Federal Trade Commission into Facebook’s unfair and deceptive trade practices. For more information, see EPIC: In re Facebook. (Jan. 14, 2010) - UPDATE - EPIC Sues Dept. of Homeland Security, Demands Additional Documents About Airport Body Scanners
EPIC has filed a second FOIA lawsuit, demanding the release of the full resolution images captured by airport "digital strip search" machines. EPIC's suit against the Department of Homeland Security also seeks records detailing air traveler complaints and security breaches that may have exposed data to unauthorized individuals. The TSA has called for mandatory use of the body scanners in all US airports. A prior EPIC lawsuit forced the disclosure of documents that reveal that TSA officials can disable privacy filters and export raw image files. For more information, see EPIC Whole Body Imaging Technology and EPIC Open Government. (Jan. 13, 2010) - Top European Justice Official Opposes Body Scanners
In widely reported remarks, Viviane Reding, the Justice Minister for the 27-member European Union, has expressed opposition to the US proposal to deploy body scanners. Minister Reding told the European Parliament, "Our citizens are not objects. They are human beings." Ms. Reding also emphasized data protection and the Charter of Fundamental Rights, which establishes new rights for EU citizens, including a right to information privacy. Previous post-9/11 disputes between the US and the EU have involved the transfer of Passenger Name Records and financial information. For more information, see EPIC Passenger Profiling. (Jan. 12, 2010) - UPDATE - EPIC Posts TSA Documents on Body Scanners
EPIC has posted more than 250 pages of documents it obtained in a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search images of Americans. This contradicts assurances made by the TSA. The documents include TSA Procurement Specifications, TSA Operational Requirements, TSA contract with L3, TSA contract with Rapiscan (1), and TSA contract with Rapiscan (2). The DHS has withheld other documents that EPIC is seeking. For more information, see EPIC: Whole Body Imaging Technology and EPIC: Open Government. (Jan. 11, 2010) - EPIC Obtains Documents about Body Scanners
As a result of a Freedom of Information Act lawsuit, EPIC has obtained the TSA technical specifications and the vendor contracts for Whole Body Imaging devices, commonly called "body scanners." The documents reveal that TSA mandated that the devices have hard disk storage, USB access, and ethernet connectivity. The documents obtained by EPIC also detail a "Level Z" authority for TSA that allows the security agency to disable privacy filters and to export raw image files. The documents will be posted later today. EPIC is pursuing other information from the agency, including policy guidance. For more information, see EPIC's Whole Body Imaging page. (Jan. 11, 2010) - FTC Tells FCC it is Pursuing EPIC's Cloud Computing Complaint
The Federal Trade Commission is urging the Federal Communications Commission to consider the privacy implications of cloud computing in formulating the National Broadband Plan, due to Congress next month. The FTC interest into cloud computing was prompted by an EPIC complaint to the FTC in March 2009, in which EPIC described numerous privacy and security risk involving cloud-based applications. A subsequent letter from computer researchers and security experts supported EPIC's findings. For more information, see EPIC: Cloud Computing. (Jan. 6, 2010) - President Obama Cites Intelligence Failure in Christmas Day Plot
Today President Obama discussed the airplane attack on Christmas Day. The President pledged to investigate and address intelligence failures that allowed an Al Qaeda operative to board a plane with an explosive device. President Obama stated "this was not a failure to collect intelligence, it was a failure to integrate and understand the intelligence we already had." The President said that steps would be taken to improve watch lists. The President also recommended "smarter screening" at the nation's airports, but did not endorse an expansion of whole body imaging devices. For more information, see EPIC: Whole Body Imaging Technology, EPIC's Spotlight on Surveillance, and FB Group: Stop Airport Strip Searches. (Jan. 5, 2010)
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
