« May 2009 | Main | July 2009 »

June 2009 Archives

June 1, 2009

EPIC Submits Comments on Health Breach Notification to the FTC

The Federal Trade Commission proposed a rule requiring notification when the security of medical information is compromised. EPIC recommends that all entities handling health records be subject to standard security; tightening exemptions for de-identified data, enhancing media notification of health data breaches, ensuring additional breach notification through means such as text messages and social networking sites, and verification of receipt of notifications. See also EPIC's Page on Medical Privacy.

June 2, 2009

EPIC Urges Homeland Security to Stop Digital Strip-Searches

EPIC sent a letter to the Secretary of Homeland Security, Janet Napolitano, urging the suspension of the Whole Body Imaging program. The devices would capture detailed naked images of all passengers at US airports. EPIC and thirty organizations asked Napolitano to begin a formal rulemaking and investigate less invasive means of screening. EPIC has also launched a campaign and established a Facebook Group to stop the program. See EPIC's Backscatter X-ray, Whole Body Imaging, and Air Travel Privacy pages.

June 1, 2009

Despite Privacy Objections, Enhanced Identity Documents Required for Travel

The Western Hemisphere Travel Initiative went into effect today despite substantial privacy and security risks. The federal government now requires US citizens to present identity documents when entering the US. These documents incorporate RFID technology that jeopardizes the privacy and security of US travelers. EPIC has previously urged the State Department to abandon the proposal. Senator Leahy has also criticized the program. See also EPIC's Spotlight on Surveillance.

June 3, 2009

EPIC Urges Privacy Protections for Government's Use of Social Media

The DHS Privacy Office is seeking public comments on developing best practices on the government's use of social media. EPIC submitted comments on the benefits, issues and privacy best practices. EPIC recommended Privacy Act protections to the data collected, prohibit commercialization and sharing, and the use of a model certification system. See also EPIC's page on Social Networking Privacy, Network Advertising Initiative, and Deep Packet Inspection and Privacy..

EPIC Endorses Better Approaches on Government Transparency

In response to President Obama's plan to develop a new open government policy, EPIC submitted comments recommending that users are not tracked on government sites; promoting open government; allowing meaningful public participation in government decisions; stopping commercialization of personal data; and the application of Privacy Act to all data collected by the Government. See also EPIC's page on Open Government and consider purchasing EPIC's FOIA litigation manual.

Congress Holds Open Markup Session on Data Breach Bill

The Committee on Energy and Commerce held an open markup session on the Data Breach Bill. The Chairman of the subcommittee intends to have a law that is strong and adequately protects consumers. EPIC testified before Congress on this bill, which requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. For more information, see EPIC's page on Identity Theft.

Administration Moves to Second Phase of Open Government Directive

Last week, the White House received public comments in the First Phase of its open government proposal, "Brainstorming." The next phase, "Discussion," invites comments focusing on several transparency themes: principles, governance, access, data, and operations, to be followed by a series of posts on participation and collaboration. In the first phase, EPIC made five recommendations to promote government transparency and accountability. See EPIC's page on Open Government.

June 4, 2009

Congress Approves Bill Limiting TSA's Use of Whole-Body Imaging

Today, the House approved a bill that will limit the use of Whole-Body Imaging machines, installed by the Transportation Security Administration, in US airports. The devices photograph American air travelers stripped naked and could easily be programmed to record images. Congressman Jason Chaffetz (R-UT) sponsored the bill that will prohibit the use of the devices as the sole or primary method of screening aircraft passengers; require that passengers be provided information on the operation of such technology and offered a pat-down search in lieu of such screening; and prohibit the storage of an image of a passenger after a boarding determination is made. EPIC launched a campaign and a Facebook Group seeking to raise public awareness about Whole Body Imaging. See EPIC's Backscatter X-ray, Whole Body Imaging, and Air Travel Privacy pages.

June 5, 2009

Obama Administration Recommends that Supreme Court Preserve California Financial Privacy Law, Dismiss Bankers' Appeal

In a filing this week, the Department of Justice urged the nation's highest court to leave intact California's financial privacy law, saying the law does not impose hardships on banks. The California law provides strong financial privacy safeguards, including the right to curtail sale of personal information by financial firms to affiliated companies, and to bar the sale of data to non-affiliates unless consumers explicitly "opt-in." A consortium of financial services companies have challenged the law and, in December 2008, asked the Supreme Court to consider the case. The firms argued that the California statute conflicts with other federal rules. The Supreme Court requested the Administration's view on the case, and has often followed the Department's opinions. Earlier in the litigation, EPIC urged a federal appeals court to uphold the California privacy law. For more information, see EPIC's ABA v. Brown and Privacy and Preemption Watch pages.

"PRIVACY -- Protecting It While Preserving Homeland Security"

Marc Rotenberg, EPIC Executive Director ABA Homeland Security Committee Washington, DC June 17, 2009

June 9, 2009

EPIC Calls on FCC to Continue Privacy Commitments for Broadband Deployment

In response to a request from the Federal Communication Commission concerning the future of the US Broadband Infrastructure, EPIC urged the FCC to secure the privacy interests of consumers and Internet users. EPIC recommended the Commission desist from collecting personal information, adopt robust privacy safeguards, avoid use of Deep Packet Inspection, and require protections for electronic medical records. EPIC noted the long tradition of establishing privacy protections as new communications technologies emerged in the United States. EPIC previously advocated for the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. See EPIC's page on CPNI and Deep Packet Inspection and Privacy.

June 10, 2009

Rep. Markey, Paul Smith, D.J. Caruso Receive 2009 EPIC Champion of Freedom Awards

On the occasion of EPIC's 15th anniversary, EPIC awarded the 2009 Champion of Freedom Awards to Congressman Edward Markey, Supreme Court litigator Paul M. Smith and Hollywood director and producer D.J. Caruso. Slate Supreme Court correspondent Dahlia Lithwick emceed the event. Congressman Markey is a leading champion of privacy protections for all Americans. Paul Smith, a partner with Jenner & Block, has argued groundbreaking cases in the Supreme Court, defending privacy, freedom of expression, and voting rights. D.J. Caruso is the director of the hit movie Eagle Eye, about identification, automation, and surveillance in Washington D.C. Calling the award "an incredible honor", Caruso thanked the people at EPIC who "dedicate their lives to educating Americans and preserving our right to privacy."

June 11, 2009

Sotomayor Nomination Hearings To Begin July 13

Senate Judiciary Committee Chairman Patrick Leahy has set Judge Sonia Sotomayor’s Supreme Court nomination hearings for July 13. Judge Sotomayor is currently a Judge for the Second Circuit and was formerly a District Court judge in New York. EPIC has launched a new web page providing background on the nomination process, brief summaries of Sotomayor’s opinions that are relevant to privacy law, and various commentaries.

June 16, 2009

Senators Take a Pass on REAL ID

Senators Daniel K. Akaka (D-HI) and George V. Voinovich (R-OH) have introduced the Providing for Additional Security in States' Identification Act of 2009.  PASS ID, should it become law, would replace the controversial REAL ID Act of 2005. The REAL ID Act has faced ongoing criticisms from state governments, technical experts, and privacy advocates. In 2007 EPIC and the Privacy Coalition organized a national campaign against REAL ID implementation. The PASS ID proponents say the bill follows the recommendations of the 9/11 Commission for improving the security of drivers licenses while avoiding the problems of REAL ID. For more information on National ID, visit EPIC National ID and the REAL ID Act page.

Expert Group Asks Google to Improve Cloud Computing Privacy

A letter signed by 38 researchers and academics in the fields of computer science, information security and privacy law was sent to Google's CEO. The letter asks Google to uphold privacy promises made to users of Google Cloud Computing services. In March, EPIC filed a complaint with the FTC urging an investigation into Cloud Computing services, such as Google Docs, to determine "the adequacy of the privacy and security safeguards." The EPIC complaint specifically recommended the adoption of encryption to help safeguard privacy and security. Addressing concerns about data vulnerability and interception, the expert group has asked Google to enable HTTPS (web-based encryption) by default in several Google apps, including Gmail. See also EPIC's page on Cloud Computing and EPIC's Page on In re Google and Cloud Computing.

June 17, 2009

European Advisory Group Issues Opinion on Social Networking

The European expert group on data protection and privacy issued a guidance to Social Network Service providers on measures needed to ensure compliance with EU law. The key concern of the group is the dissemination and use of information available on such networks for secondary, unintended purposes. The opinion recommended robust security and privacy-friendly default settings. Topics included processing of sensitive data and images, advertising and direct marketing, and data retention. In January, EPIC suggested regulation of Social Network Service partners, including advertisers and application developers. See EPIC's Page on Social Networking Privacy.

EPIC Urges Comprehensive Strategy for ID Theft

With ID theft rapidly increasing in the United States, EPIC Executive Director Marc Rotenberg today urged a Congressional Committee to address the root causes of the problem. In testimony before the House Oversight Committee, Mr. Rotenberg said that the government typically acts only after the crime has occurred and warned that the problem will get worse if current trends continue. EPIC recommended a comprehensive strategy for ID Theft that would include: (1) Establishing privacy safeguards for web 2.0 services; (2) Ensuring privacy protections for outsourcing; (3) Enacting comprehensive privacy legislation; (4) Making privacy protection a focal point of cybersecurity policy; and (5) Developing better techniques for Identity Management. See EPIC pages on Identity Theft.

Congressional Hearing "Identity Theft: A Victims Bill of Rights"

Marc Rotenberg EPIC Executive Director House Committee on Oversight and Government Reform Washington, DC June 17, 2009

June 19, 2009

Supreme Court Rejects DNA Access to Prove Innocence

In a 5-4 decision, the Supreme Court rejected the constitutional right of a convicted individual to access his DNA to prove innocence. Chief Justice Roberts held that the task of harnessing "DNA's power to prove innocence without unnecessarily overthrowing the established system of criminal justice...belongs primarily to the legislature." Justice Stevens, writing for four of the justices in dissent, said that "a decision to recognize a limited right of postconviction access to DNA testing would not prevent the States from creating procedures [to] ensure [] that [it] is nonarbitrary." EPIC has filed several amicus briefs advocating limits on the collection and use of genetic material. However, EPIC has also stated that DNA evidence should be available to prove innocence. See EPIC's pages on District Attorney's Office v. Osborne and Genetic Privacy.

June 22, 2009

Workshop: Government 2.0: Privacy and Best Practices

Lillie Coney EPIC Associate Director DHS Data Privacy and Integrity Advisory Committee June 22-23, 2009

June 23, 2009

Airport Security Program Closes Operations - What Happens to the Data?

Verified Identity Pass, a company that provided the Registered Traveler program, under the brand name "Clear" shut down operation on June 22, 2009 citing inability to "negotiate an agreement with its senior creditor." The Clear program provided travelers who had undergone an extensive background check to go through special security lines at airports. The screening process required extensive data collection, including biometric identifiers, from passengers. The closure raises concern about the transfer of the customer data, which may be attached by creditors in a bankruptcy proceeding. Clear's Privacy Policy is silent on the issue. At a 2005 Congressional hearing, EPIC warned that the absence of Privacy Act safeguards would post a security risk to Clear customers. See also EPIC's page on Registered Traveler Card.

TSA Responds to Whole Body Imaging Objections

The Transportation Security Administration has replied to the Privacy Coalition statement on whole body imaging systems. The agency claims that the Privacy Impact Assessment (PIA) provides adequate protection. The Privacy Coalition letter pointed out that "the devices are designed to capture, record, and store detailed images of individuals undressed" and said that "If the public understood this, they would be outraged by the use of these devices by the US government on US citizens." The Privacy Coalition said that the use of the devices should be suspended pending an investigation. The letter was prompted by the TSA's announcement that Whole Body Imaging would replace metal detectors as the primary screening technique at US airports. The House of Representatives recently passed legislation that would establish clear privacy safeguards for the devices. See also EPIC's page on Whole Body Imaging.

June 25, 2009

Supreme Court: Strip-Search of Teenager Violated Constitutional Rights

The Supreme Court delivered a 8-1 opinion ruling that a strip-search of a thirteen-year-old girl by school officials looking for an ibuprofen tablet violated the Fourth Amendment. Justice Souter writing for the Court held that the search was unreasonable and that school searches are permissible when they are "not excessively intrusive in light of the age and sex of the student and the nature of the infraction." But a majority of the Justices also said that the school officials were not liable for damages because it had not been "clearly established" that the search was unlawful. Justices Stevens and Ginsburg disagreed and said that a previous Supreme Court case made clear that the search was "excessively intrusive." Justice Thomas wrote in dissent that the search was permissible. See also EPIC's page on Student Privacy.

June 29, 2009

Rod Beckstrom to Head ICANN

The Internet Corporation for Assigned Names and Numbers appointed Rod Beckstrom as its new CEO and president. ICANN manages the administration of the internet including assignment of domain names, IP addresses, preserving operational stability, and developing policies. Beckstrom is an author, entrepreneur, non-profit board member, and expert in decentralized organizations. He resigned as the Director of the National Cybersecurity Center in March 2009 warning of the increasing role of the National Security Agency in domestic security. See EPIC DNSSEC, EPIC WHOIS and The Public Voice.

Supreme Court Lets Stand New Hampshire Prescription Privacy Law

The Supreme Court refused to hear a challange to the Prescription Confidentiality Act, which prohibits the sale of prescription information. The First Circuit had upheld the ban on the sale of such information. EPIC and 16 experts in privacy and technology filed a "friend of the court" brief, in support of the law, detailing the substantial privacy interests in de-identified patient data. The petitioners claimed that the law infringed on their free speech rights. See EPIC IMS Health v. Ayotte.

House Committee Opens Investigation into Clear Data

Leaders of the House Homeland Security Committee sent a letter to the Transportation Security Administration regarding the bankruptcy of Verified Identity Pass, the parent company for the Clear registered traveler (RT) program. Clear was the largest RT program in the nation operating out of 20 airports with about 165,000 members.  The TSA established RT security, privacy and compliance standards for the Clear program and bolstered the company's credentials with the traveling public. The Clear RT application process collected a great deal of personal information from members, such as proof of legal name, data of birth, citizenship status, home address, place of birth, and gender. The information was used to pre-screen travelers for express service through airport security checkpoints.   The committee is investigating among other things: when the TSA became aware of the bankruptcy; whether they have asked the company for its plan regarding its RT data; if the agency is seeking a privacy impact assessment on the bankruptcy; and whether the agency has a contingency plan for safeguarding the data now that the company has gone out of business. See EPIC Air Travel Privacy and EPIC Secure Flight

Supreme Court Maintains California Financial Privacy Law

Today the Supreme Court denied review of the California law that provides customers with privacy safeguards for financial data. The law limits the sale of personal information by financial firms to affiliates, and imposes opt-in requirements. The Ninth Circuit upheld substantial portions of the California Financial Information Privacy Act. EPIC filed a brief in that case favoring the law. Financial firms argued that the California statute conflicts with other federal rules. The Justice Department recommended that the Supreme Court leave the state statute in place. See EPIC ABA v. Brown and EPIC Privacy and Preemption Watch.

About June 2009

This page contains all entries posted to epic.org in June 2009. They are listed from oldest to newest.

May 2009 is the previous archive.

July 2009 is the next archive.

Many more can be found on the main index page or by looking through the archives.