« August 2009 | Main | October 2009 »

September 2009 Archives

September 1, 2009

Privacy Groups Call for New Safeguards for Online Advertising

A coalition of consumer organizations is urging Congress to adopt new legislation for behavioral tracking and ad targeting. Led by the Center for Digital Democracy, the groups say that self-regulation has failed to protect privacy. The consumer groups have issued Principles on Online Behavioral Tracking and Targeting and an overview. Earlier this year, the FTC recommended new principles for online advertising but stopped short of  recommending legislation.

September 4, 2009

Federal Trade Commission Issues Statements on Google Books Settlement and Privacy

With the Google Books Settlement now under consideration in federal court, FTC Chairman John Liebowitz today issued a statement, calling attention to privacy concerns and the vast amount of consumer information that could be collected. The Chairman expressed the Commission's commitment to evaluating the privacy issues presented by Google Books, a sentiment that was echoed by Commissioner Pamela Jones Harbour in her statement. In a separate letter, FTC Consumer Protection Director David C. Vladeck urged Google to address consumer privacy concerns and to limit the secondary use of user data. For more information, see EPIC Google Books Settlement and Privacy.

EPIC Moves to Intervene in Google Book Settlement, Cites Absence of Privacy Safeguards

Today, EPIC filed papers in federal district court on the proposed settlement between Google, authors, and publishers. The Google Books settlement would create a single digital library, operated by Google, but currently fails to limit Google's use of the personal information collected. EPIC stated that the settlement "mandates the collection of the most intimate personal information, threatens well-established standards that safeguard intellectual freedom, and imperils longstanding Constitutional rights, including the right to read anonymously." EPIC further warned that the Google Books deal "threatens to eviscerate state library privacy laws that safeguard library patrons in the United States." EPIC has previously participated as a "friend of the court" in many cases involving privacy issues. PRESS RELEASE - Media Call at 1 pm ET, Friday (9/4/09). For more information, see EPIC Google Books Settlement and Privacy.

White House Announces New Transparency Policy for Visitor Logs

Today the White House announced a new policy to release the records of White House visitors, an initiative that is intended to promote open government. The White House will release information on all individuals who come to the White House for an appointment, a tour, or to conduct official business, with certain exceptions for confidential or particularly sensitive meetings. The White House agreed not to release visitors' personal information, such as dates of birth, social security numbers, or contact phone numbers. However, the White House will release the names of tourists and other visitors who are not meeting with government officials, which raises privacy questions. For more information, see EPIC's Open Government page.

September 8, 2009

Obama Administration Privacy Report Card Scheduled for Release at the National Press Club

EPIC will release  a Privacy Report Card at the National Press Club on Wednesday, September 9, 2009. Grades will be given to the Obama Administration for Consumer Privacy, Medical Privacy, Civil Liberties, and Cybersecurity. A Panel of experts will speak. In December 2008, the Privacy Coalition urged the President to address key privacy issues. For more information, see EPIC Media Alert.

September 9, 2009

EPIC Gives Obama Administration Mixed Grades for Privacy

EPIC released the Privacy Report Card for the Obama Administration at a morning briefing held at the National Press Club. EPIC gave the Administration an “Incomplete” for Consumer Privacy, A- for Medical Privacy, C+ for Civil Liberties, and a B for Cyber Security. Privacy Coalition members participating in the event included US PIRG, Consumer Federation of America, the Liberty Coalition, Association of American Physicians and, Surgeons, and the Bill of Rights Defense Committee. In December 2008, the Privacy Coalition urged the new Administration to address growing public concerns about privacy protection. EPIC's Consumer Privacy Issue Page.

September 11, 2009

New Report on Government Secrecy Released

The 2009 Secrecy Report Card, from Openthegovernment.org, chronicles slight decreases in government secrecy during the last year of the Bush-Cheney Administration. The report, released by a coalition of more than 70 open government advocates, also provides an overview of the Obama Administration’s proposed transparency policies. Among the issues discussed are the Open Government Directive, Classified Information, the Freedom of Information Act (FOIA) memo, signing statements, and the state secrets doctrine. For more on open government and transparency, see EPIC Open Government.

The Emergence of an International Framework for Privacy Protection-Next Steps

Marc Rotenberg,
EPIC Executive Director

University of Pittsburgh Graduate School of Public and International Affairs
Pittsburgh, PA
October 9, 2009

D is for Digitize

"D is for Digitize"

John Verdi,
EPIC Senior Counsel

New York Law School
New York, NY
October 9, 2009

European Privacy Seal Awarded to Online Ad Service and Video Anonymizer

The European Privacy Seal (EuroPriSe) has been awarded to two privacy services, following a review by privacy experts and an independent body. The first EuroPriSe was awarded to German company nugg.ad's Predictive Targeting Networking service, an online advertising service that follows principles of data avoidance and minimization by not maintaining multi-website tracking profiles, deleting IP address records, and offering a blocking cookie for users to opt out. The second certification was awarded to Austrian company Kiwi Security's KiwiVision Privacy Protector, a software module that performs real-time anonymization of video data by obfuscating faces, license plates, and other identifying imagery. For more on Privacy Enhancing Technologies, see EPIC Practical Privacy Tools.

September 15, 2009

California Moves to Strengthen Data Breach Law

The California State Legislature passed S.B. 20, a bill that would improve California's current security breach notification law. Senator Joe Simitian said S.B. 20 "is designed to make a good law better." Under current California law, a company that loses unencrypted personal information must notify affected consumers of the security breach. If signed by Governor Schwarzenegger, S.B. 20 would require that notifications include information that helps consumers safeguard their privacy. The bill is one more example of the many state efforts to address the growing problem of security breaches. In May, EPIC testified in Congress on the need to improve security breach notification.

EPIC Urges Appeals Court to Protect Prescription Data

EPIC filed a friend of the court brief in the Court of Appeals for the Second Circuit today, urging the judges to uphold a Vermont law that regulates companies that sell or use prescriber-identifiable data for marketing. Several data-mining companies challenged the law after it was upheld by a district court. EPIC's amicus brief supports the district court's conclusion. The EPIC brief argues that Vermont has a substantial state interest in privacy protection and that the data miners' de-identification practices do not, in fact, protect patient privacy. For more, see IMS Health v. Sorrell and EPIC Medical Privacy.

September 16, 2009

Federal Trade Commission to Host Privacy Roundtables

The Federal Trade Commission has announced a series of roundtables on consumer privacy, beginning December 7. These discussions will explore many issues, including consumer information collection, information management practices, new business practices, and the adequacy of existing privacy laws. Roundtable participants will include individuals from a wide range of related fields, including privacy and technology experts. The meetings are open and public comments are encouraged. EPIC has supported the FTC's privacy mission, but has also said that the agency needs to do a lot more to safeguard consumer privacy. For more information, see EPIC FTC page.

September 17, 2009

Administration Announces Cloud Computing Initiative, but Privacy Umbrella Missing

Chief Information Officer Vivek Kundra announced the launch of “Apps.gov”, a website where federal agencies can obtain cloud-based IT services. The initiative is aimed at "lowering the cost of government operations while driving innovation." Currently, the administration's main goal is to increase the size and scale of cloud computing, but key concerns, such as security and privacy, have received little attention. In March, EPIC filed a complaint with the FTC urging the agency to open and investigation into Cloud Computing services, such as Google Docs, to determine "the adequacy of the privacy and security safeguards." Subsequently, thirty-eight computer security researchers and privacy academics sent a letter to Google's CEO, asking Google to uphold privacy promises made to users of Google Cloud Computing services. The FTC investigation is ongoing; no response has been received from Google. For more information, see EPIC's page on “Cloud Computing”.

Massachusetts Supreme Court Requires Warrant for GPS Tracking

Today, the Massachusetts Supreme Judicial Court ruled that police must obtain a warrant before using GPS devices to monitor vehicles, as it constitutes a seizure under the Massachusetts Constitution. The court also imposed time limits on GPS monitoring, ruling that warrants will expire fifteen days after they are issued. A concurring opinion raised the issue of whether the use of a GPS is a "seizure" or a "search." EPIC filed a “friend of the court” brief (pdf) in the case, urging the court to adopt a warrant requirement. For more information, see EPIC Commonwealth v. Connolly.

PATRIOT Act Revisions Introduced in Senate

Today, Sen. Russ Feingold (D-WI) and seven cosponsors introduced the Judicious Use of Surveillance Tools In Counterterrorism Efforts (JUSTICE) Act. The bill would amend the PATRIOT Act, the FISA Amendments Act, and other surveillance and intelligence laws. Among other changes, the JUSTICE Act would reform the National Security Letter process, revise the guidelines for business records orders, eliminate the catch-all provision for "sneak-and-peek" searches, and add new safeguards for FISA roving wiretaps. The JUSTICE Act would also repeal retroactive immunity for telecommunications companies, and is supported by many civil liberties organizations. For more information, see EPIC USA PATRIOT Act, EPIC FISA, EPIC Wiretapping, and EPIC National Security Letters.

September 18, 2009

EPIC Renews Call for Release of Bush Warrantless Wiretap Memos

In court papers filed this week in Washington, DC, EPIC and the ACLU asked a federal judge now reviewing an open government case to consider the publication of the Inspectors General Unclassified Report on the President's Surveillance Program. EPIC and the ACLU are seeking the release of the relevant legal memos relating to the program, but the government contends that the entire matter is secret. However, the Inspector General's report, which is widely available, discusses several of the memos at issue in the case. EPIC filed the original request for the legal memos in December 2005 after the New York Times first reported on the warrantless wiretapping program. The case is EPIC v. Dep't of Justice.

Indiana Court Strikes Down State Voter ID Law

Yesterday, the Indiana Court of Appeals ruled that the Indiana Voter ID law, which requires certain individuals to present government-issued photo identification before they could vote, violates the state Constitution. The law is unconstitutional, the court held, because it “regulates voters in a manner that is not uniform and impartial.” The United States Supreme Court previously ruled that the law did not violate the federal Constitution, but did not address the law’s validity under the Indiana Constitution. EPIC and ten legal scholars and technical experts filed a “friend-of-the-court” brief in that case, urging the Court to invalidate the law because of its disparate impact and its reliance on REAL-ID, a "flawed federal identification system.” For more information, see Crawford v. Marion County Election Board and EPIC Voting Privacy.

EPIC Pursues DHS Official's Public Calendar

EPIC has filed a FOIA appeal with the Department of Homeland Security for the calendar of the Chief Privacy Officer. EPIC submitted the original request to find out why the DHS Privacy Officer could not meet with privacy groups in Washington, DC. The agency turned over many pages from the calendar, but the entries were all blacked out. In the appeal, EPIC said the agency has failed to comply with the open government law and also cited the President's commitment to government transparency concerning the activities of public officials. For more information, see EPIC Open Government.

September 21, 2009

Office of Legal Counsel Reaffirms Legality of Einstein 2.0

The Office of Legal Counsel has released two opinions regarding Einstein 2.0, the federal cyber-security initiative that monitors network activity. The Bush administration opinion concluded that Einstein 2.0 complied with the Constitution and applicable federal laws, provided that users are properly warned that it is operating. The Obama administration opinion, signed August 14, 2009, concurred with the earlier opinion, and also concluded that the system does not violate “state wiretapping or communications privacy laws.” EPIC has stated that Einstein should be subject to the Privacy Act. Also, documents previously obtained by EPIC under the Freedom of Information Act revealed that network monitoring tools often exceed their legal authority. For more information, see EPIC Carnivore (FBI tracking tool).

September 22, 2009

Facebook to End Beacon, Establish Privacy Foundation

Facebook has entered into a proposed agreement to end Beacon, the controversial advertising technique that broadcast user purchases in their public profile. EPIC and other privacy advocates objected to Beacon’s privacy implications and successfully persuaded Facebook to adopt opt-in for the service. Under the terms of a class-action lawsuit in California, Facebook will now terminate Beacon and contribute $9.5 million towards the creation of a foundation dedicated to protecting online privacy. A class-action lawsuit concerning Beacon is also pending in Texas. For more information, see EPIC Facebook Privacy and EPIC Testimony on the "Impact and Policy Implications of Spyware on Consumers and Businesses."

EPIC Reminds Homeland Security Agency to Publish Privacy Report

In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities. For more information, see EPIC’s Privacy Report Held Hostage page.

September 23, 2009

Department of Justice Limits Use of State Secrets Privilege

Today, the Department of Justice announced a new policy that limits the government’s use of the state secrets privilege. The state secrets privilege is a rule of evidence intended to prevent genuine matters of national security from being disclosed in open court. However, recently it has been misused by both the Bush and Obama administrations in order to derail litigation completely. For instance, in 2007 EPIC filed a “friend-of-the-court” brief in a warrantless wiretapping case, Hepting v. United States, in which the government argued that the case should be dismissed because it would reveal “state secrets.” Under the new policy, the privilege will be invoked only "to the extent necessary to protect against the risk of significant harm to national security." The Attorney General will also have to approve each determination. The State Secret Protection Act of 2009,  legislation with a similar purpose, is now pending in Congress. For more information, see EPIC Open Government.

September 24, 2009

Workshop on Federal Privacy Legislation

Workshop on Federal Privacy Legislation

Lillie Coney,
EPIC Associate Director

New York Law School
New York, NY
October 1, 2009

Internet Governance Forum-USA

Internet Governance Forum-United States

Katitza Rodriguez
Director, EPIC International Privacy Program

Center for Strategic and International Studies
Washington, DC
October 2, 2009

September 28, 2009

EPIC Celebrates International Right to Know Day

Today, EPIC celebrates International Right to Know Day, which was established to raise awareness of every individual's right of access to government-held information. EPIC is speaking at American University's Third Annual International Right-To-Know Day Celebration concerning opportunities to restore US leadership in government transparency. Recently, the Obama Administration announced revisions to the "state secrets" privilege and increased access to White House visitor records. Both initiatives aim to expand disclosure of information. Last week, EPIC filed papers to force the Department of Homeland Security to comply with federal open government law, citing the President's commitment to transparency. For more information, see EPIC Open Government and EPIC FOIA Litigation Manual 2008.

September 29, 2009

Leadership in a Time of Crisis

Marc Rotenberg,
EPIC Executive Director

ABA Student Division
Georgetown University Law Center
Washington, DC
October 3, 2009

EPIC to FTC: "Parental Control" Software Firm Gathers Data for Marketing

EPIC filed a complaint with the Federal Trade Commission against Echometrix, the developer of parental control software that monitors children’s online activity. Echometrix analyzes the information collected from children and sells the data to third parties for market-intelligence research. The EPIC complaint alleges that Echometrix engages in unfair and deceptive trade practices by representing that the software protects children online while simultaneously collecting and disclosing information about children's online activity. The complaint further alleges that Echometrix’s practices violate the Children’s Online Privacy Protection Act by collecting and disclosing information from children under the age of 13. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and ensure that Echometrix’s collection and disclosure practices comply with COPPA. For more information on the Children’s Online Privacy Protection Act, see EPIC COPPA.

House Committee to Consider Data Breach Bill

On September 30, the House Energy and Commerce Committee will consider a proposed federal law that would establish national standards for data breaches notifications. The Data Accountability and Trust Act (DATA) also regulates information brokers and requires companies to adopt security policies. The Senate is considering a similar bill that protects additional categories of consumer information. In May, EPIC testified before Congress on the DATA bill, highlighting the importance of regulating data brokers, but warning of the dangers posed by federal laws that preempt stronger state privacy safeguards. In May, President Obama stated that "executive departments and agencies should be mindful that in our Federal system, the citizens of the several States have distinctive circumstances and values, and that in many instances it is appropriate for them to apply to themselves rules and principles that reflect these circumstances and values." For more information, see EPIC Identity Theft.

September 30, 2009

House Committee Examines Future of Registered Traveler Program

A Congressional committee will hold a hearing today on the the Registered Traveler Program.  The program, which operated under the brand name "Clear," shut down and the company that operated it has declared bankruptcy, leaving open the question of what will happen to the biometric identifiers, including fingerprints and iris scans, that were obtained from customers.  The New York Times reports that the company's assets have been purchased and the program may restart within the year.  EPIC testified before Congress in 2005 that the absence of Privacy Act safeguards would jeopardize air traveler privacy and security.  See also EPIC Air Travel Privacy, EPIC Secure Flight, and EPIC Spotlight on Surveillance - Registered Traveler Card.

About September 2009

This page contains all entries posted to epic.org in September 2009. They are listed from oldest to newest.

August 2009 is the previous archive.

October 2009 is the next archive.

Many more can be found on the main index page or by looking through the archives.