« December 2009 | Main | February 2010 »

January 2010 Archives

January 5, 2010

President Obama Cites Intelligence Failure in Christmas Day Plot

Today President Obama discussed the airplane attack on Christmas Day. The President pledged to investigate and address intelligence failures that allowed an Al Qaeda operative to board a plane with an explosive device. President Obama stated "this was not a failure to collect intelligence, it was a failure to integrate and understand the intelligence we already had." The President said that steps would be taken to improve watch lists. The President also recommended "smarter screening" at the nation's airports, but did not endorse an expansion of whole body imaging devices. For more information, see EPIC: Whole Body Imaging Technology, EPIC's Spotlight on Surveillance, and FB Group: Stop Airport Strip Searches.

January 6, 2010

"Invasion of the Body Scanners"

Marc Rotenberg,
EPIC Executive Director

PKN11::Pecha Kucha Night Brussels
Brussels, Belgium
January 28, 2010

FTC Tells FCC it is Pursuing EPIC's Cloud Computing Complaint

The Federal Trade Commission is urging the Federal Communications Commission to consider the privacy implications of cloud computing in formulating the National Broadband Plan, due to Congress next month. The FTC interest into cloud computing was prompted by an EPIC complaint to the FTC in March 2009, in which EPIC described numerous privacy and security risk involving cloud-based applications. A subsequent letter from computer researchers and security experts supported EPIC's findings. For more information, see EPIC: Cloud Computing.

January 8, 2010

"Body Scanners and Privacy"

EPIC Panel Discussion

Prof. Anita Allen
James Bamford
Prof. Jeffrey Rosen
Marc Rotenberg
Bruce Schneier

National Press Club
Washington, DC
January 25, 2010

January 11, 2010

EPIC Obtains Documents about Body Scanners

As a result of a Freedom of Information Act lawsuit, EPIC has obtained the TSA technical specifications and the vendor contracts for Whole Body Imaging devices, commonly called "body scanners." The documents reveal that TSA mandated that the devices have hard disk storage, USB access, and ethernet connectivity. The documents obtained by EPIC also detail a "Level Z" authority for TSA that allows the security agency to disable privacy filters and to export raw image files. The documents will be posted later today. EPIC is pursuing other information from the agency, including policy guidance. For more information, see EPIC's Whole Body Imaging page.

UPDATE - EPIC Posts TSA Documents on Body Scanners

EPIC has posted more than 250 pages of documents it obtained in  a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search images of Americans. This contradicts assurances made by the TSA. The documents include TSA Procurement Specifications, TSA Operational Requirements, TSA contract with L3, TSA contract with Rapiscan (1), and TSA contract with Rapiscan (2). The DHS has withheld other documents that EPIC is seeking. For more information, see EPIC: Whole Body Imaging Technology and EPIC: Open Government.

January 12, 2010

Top European Justice Official Opposes Body Scanners

In widely reported remarks, Viviane Reding, the Justice Minister for the 27-member European Union, has expressed opposition to the US proposal to deploy body scanners. Minister Reding told the European Parliament, "Our citizens are not objects. They are human beings." Ms. Reding also emphasized data protection and the Charter of Fundamental Rights, which establishes new rights for EU citizens, including a right to information privacy. Previous post-9/11 disputes between the US and the EU have involved the transfer of Passenger Name Records and financial information. For more information, see EPIC Passenger Profiling.

January 13, 2010

UPDATE - EPIC Sues Dept. of Homeland Security, Demands Additional Documents About Airport Body Scanners

EPIC has filed a second FOIA lawsuit, demanding the release of the full resolution images captured by airport "digital strip search" machines. EPIC's suit against the Department of Homeland Security also seeks records detailing air traveler complaints and security breaches that may have exposed data to unauthorized individuals. The TSA  has called for mandatory use of the body scanners in all US airports. A prior EPIC lawsuit forced the disclosure of documents that reveal that TSA officials can disable privacy filters and export raw image files. For more information, see EPIC Whole Body Imaging Technology and EPIC Open Government.

January 14, 2010

Privacy Groups File Amended Complaint regarding Facebook

EPIC and several other groups filed a supplement to the groups' original complaint with the Federal Trade Commission concerning Facebook’s recent privacy changes. The new complaint provides additional evidence of Facebook’s unfair and deceptive trade practices relating to Facebook CEO's public statements, the most recent version of the Facebook for iPhone application, Facebook Connect, and "web-suicide" applications. The complaint also offers numerous examples of media stories and blog posts in support of an investigation by the Federal Trade Commission into Facebook’s unfair and deceptive trade practices. For more information, see EPIC: In re Facebook.

January 15, 2010

Constitutional amendments: Challenges and legal views

Katitza Rodriguez,
EPIC International Privacy Program Director

Mexican House of Representatives 
Mexico DF
January 28, 2010

January 19, 2010

FTC Privacy Roundtable: Exploring Existing Regulatory Frameworks

Exploring Privacy: A Roundtable Series

Lillie Coney,
EPIC Associate Director

University of California, Berkeley, School of Law
Booth Auditorium, Boalt Hall
Berkeley, CA
January 28, 2010

Canadian Privacy Commission to Investigate Facebook

Canada’s Privacy Commissioner Jennifer Stoddart has launched an investigation into the information collection and use practices of online social networking sites. This investigation is being conducted as the Parliament prepares to review the Personal Information Protection and Electronic Documents Act. Stoddart plans to examine “issues that we feel pose a serious challenge to the privacy of consumers, now and in the near future,” and to foster discussions about "the impact of these technological developments on privacy." This is not the first time the Commissioner has investigated the information practices of Facebook. In August 2009, Facebook made several changes to its privacy policy, following recommendations by the Commissioner and a complaint filed by the Canadian Internet Policy and Public Interest Clinic. For more information, see EPIC: Facebook Privacy and EPIC: Social Networking Privacy.

EPIC’s Facebook Complaint of "particular interest" to FTC

The FTC has sent a letter to EPIC regarding the December 2009 complaint, submitted by privacy organizations, about Facebook’s recent changes to user privacy settings. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises issues of particular interest” for the FTC. Further, Vladeck stresses the importance of providing “transparency about how this data is being handled, maintained, shared, and protected . . . .” The Commission, however, cannot confirm or deny whether an investigation has been launched. The letter came one day before EPIC filed a supplemental complaint regarding Facebook’s privacy practices. For more information, see EPIC: In re Facebook.

EPIC, Privacy Groups Oppose Facebook Settlement

EPIC and other privacy groups sent a letter to the federal judge overseeing a class-action settlement against Facebook in California, opposing the settlement as unfair and unreasonable. As proposed, the settlement does not provide any benefit for Facebook users whose private data was illegally exposed by Facebook "Beacon." Instead, the deal would create a new "privacy foundation" subject to Facebook's influence. Fair settlements typically provide compensation to class members or a remedy that addresses the underlying harm, which in this case was a violation of federal privacy law. The letter from EPIC proposes alternatives that would enable stronger privacy safeguards for Facebook users in the future. For more information, see EPIC Facebook Privacy, EPIC Harris v. Blockbuster.

January 20, 2010

Microsoft to Delete Search Data after Six Months, Following Recommendation by European Privacy Officials

In order to comply with European privacy law, Microsoft announced that it will delete user search data, including IP addresses, after six months. In 2008 the Article 29 Working Group, which includes data protection officials across the European Union, met with Microsoft, Google, and Yahoo to discuss their data retention practices. Following a determination that records are subject to European privacy law, the Article 29 Working Group asked the search engine companies to eliminate online user data, including IP addresses and search queries, after six months. Microsoft will redesign its new Bing search engine to comply with the request. It is unclear at this point what Google and Yahoo will do. In early 2008, EPIC urged the European Parliament to protect the privacy of search histories. For more information, see EPIC: Search Engine Privacy.

Congress Begins Hearings on the "Trouser Bomber" and Intelligence Reform

The Senate Judiciary Committee and the Senate Committee on Homeland Security opened hearings today on airline security and the intelligence failure on December 25. Questions about privacy and civil liberties were raised frequently by senators. Specifically, senators asked about the adequacy of privacy safeguards for the body scanners, database profiling, biometric identification, and the status of the President's Civil Liberties and Privacy Oversight Board. According to documents obtained by EPIC through a Freedom of Information Act request, the body scanners ordered by the TSA are designed to store and record images of American air travelers. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.”

January 21, 2010

Inspector General Finds "Egregious Breakdown" in FBI Oversight

The Department of Justice Office of the Inspector General has issued a report on the FBI's use of "exigent letters" and other means to obtain telephone records from three unnamed phone companies. The 300-page report concludes that many of the FBI's practices "violated FBI guidelines, Department policy," and the Electronic Communications Privacy Act. The report also found that "the FBI sought and acquired reporters' telephone toll billing records and calling activity information" through improper means. The report concludes that "the FBI's initial attempts at corrective action were seriously deficient, ill-conceived, and poorly executed" and makes several recommendations for improvement. In a 2007 letter to the Senate Judiciary Committee, EPIC recommended that the FBI's National Security Letter authority be repealed. For more information, see EPIC National Security Letters.

European Union Rejects US Demands on Body Scanners

EU President Alfredo Perez Rubalcaba announced today that European countries would not rush to install body scanners as the United States has urged. He said that there will first be studies to determine whether the devices "are effective, do not harm health, and do not violate privacy." The European countries have agreed that they will adopt a unified position on the body scanner proposal. European Minister Viviane Reding stated that "Europe's need for security cannot justify an invasion of privacy. Our citizens are not objects: they are human beings." Previous post-9/11 disputes between the US and the EU have involved the transfer of Passenger Name Records and financial information. The European position in the current dispute is strengthened by the recent adoption of the Lisbon Treaty and the entry into force of the Charter of Fundmental Rights. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.” For more information, see EPIC: Whole Body Imaging Technology.

January 24, 2010

Experts to Speak at National Press Club about Body Scanners

Leading privacy law scholars Anita Allen and Jeffrey Rosen, acclaimed author and surveillance authority James Bamford, world renowned security technologist Bruce Schneier, and EPIC President Marc Rotenberg will be at the National Press Club,  on Monday, January 25 at 8:30 a.m. for a panel discussion on "Body Scanners and Privacy." The event takes place as Congress is in the middle of hearings to determine whether to deploy full body imaging devices in US airports.

January 27, 2010

EPIC Honors US Privacy Advocate Beth Givens

EPIC has given the 2010 US Privacy Champion Award to Beth Givens, the founder and director of the Privacy Rights Clearinghouse in San Diego, California. Established in 1992 to provide information to consumers about privacy issues and to advocate on behalf of consumers, the Privacy Rights Clearinghouse has emerged as a leading defender of privacy rights in the United States. The Privacy Rights Clearinghouse provides extensive services to consumers and makes privacy fact sheets available in both English and Spanish. In receiving the award from EPIC, Ms. Givens was recognized as a "tireless champion for the rights of consumers."

January 28, 2010

Experts Urge Secretary Clinton to Act on International Privacy Convention

Twenty-nine experts in privacy and technology have sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. More than forty countries have ratified the Convention, which was opened for signature on January 28, 1981. The letter calls attention to Secretary Clinton's recent remarks on Internet Freedom and the Madrid Declaration in which civil society groups have urged countries that have not yet ratified the Council of Europe Convention to do so as soon as possible. The signatories state, "privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all."

EPIC Urges FTC to Protect Users' Privacy On Cloud Computing and Social Networking Services

EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission's “lack of leadership and technical expertise.” EPIC's comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy.

EPIC Honors Michael Kirby

EPIC presented the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980. The OECD Guidelines consist of eight principles that have provided the basis for national laws, international agreements, and privacy frameworks that have been adopted around the world. "The international privacy community owes Justice Kirby a huge debt for his critical role working with leading experts from North America, Europe and Asia to develop the Guidelines,” said Jennifer Stoddart, Privacy Commissioner of Canada. The Award will be presented to Justice Kirby at the OECD in Paris on March 10, 2010. The 2009 EPIC International Privacy Champion Award was given to Italian jurist Professor Stefano Rodota. The 2010 EPIC US Privacy Champion Award was given to Beth Givens, founder and director of the Privacy Rights Clearinghouse in San Diego, California.

EPIC Urges Increased Privacy for "Global Entry" Registered Traveler Program

On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.

About January 2010

This page contains all entries posted to epic.org in January 2010. They are listed from oldest to newest.

December 2009 is the previous archive.

February 2010 is the next archive.

Many more can be found on the main index page or by looking through the archives.