March 2010 Archives

March 1, 2010

Congress Renews PATRIOT Act without Privacy Amendments

After months of debate, Congress has voted to extend the three expiring provisions of the USA PATRIOT Act for one year with no alteration. The provisions, concerning business records, roving wiretaps, and "lone wolf" investigations, give federal law enforcement agencies broad powers to gather information on Americans. Both the Senate and House Judiciary committees proposed bills to renew these provisions with reforms that would establish greater oversight, but neither bill went to a floor vote. For more information, see EPIC PATRIOT Act, EPIC PATRIOT Act Extension.

Judge Waits to Decide on Proposed Settlement in Facebook Privacy Case

Following a hearing last week, U.S. District Court Judge Seeborg reserved decision about the approval of Facebook’s proposed $9.5 million settlement in a case involving Facebook Beacon. According to the settlement terms, Facebook would contribute about $6 million to the establishment of a privacy organization. Facebook, however, would maintain control over this organization, as Facebook's top lobbyist would become co-President and all significant decisions would require a unanimous vote. EPIC and several other privacy organizations, including the Consumer Federation of America and the Privacy Rights Clearinghouse, have written a letter to Judge Seeborg, asking him to reject the settlement as proposed. For more information, see EPIC: Facebook Privacy.

Third Annual Freedom of Information Day Celebration

Marc Rotenberg,
EPIC Executive Director

Washington College of Law
Washington, DC
March 16, 2010

IAPP 10th Anniversary Webcast

Marc Rotenberg,
EPIC Executive Director

National Press Club
Washington, DC
March 16, 2010

The GAO Calls for Further Analysis Before Deploying Whole Body Imaging Machines

The Government Accountability Office (GAO) recently released a report regarding the deployment of body scanners. The GAO cited its 2009 recommendations to the Transportation Security Administration (TSA): that the TSA conduct operational tests to ensure that the whole body imaging machines are reliable, and that the TSA conduct an assessment of the whole body imaging machines' vulnerabilities. In its latest report, the GAO warned TSA of the importance of full operational tests, citing the puffer machine debacle as an example of the government waste that results from insufficient operational testing. The GAO also expressed concern over TSA's lack of complete risk assessments and inability to "provide documentation to show how they have addressed the concerns raised in the 2009 GAO report regarding the susceptibility of the technology to terrorist tactics." Because of this, the GAO concluded that it is unclear whether the body scanners or other technologies would have detected the weapon used in the December 25 attempted attack. For more information, see EPIC: Whole Body Imaging Technology and Body Scanners.

Supreme Court: Privacy Lawsuit Against Hustler Can Go Forward

Today the Supreme Court of the United States issued an order that will allow a privacy case against Hustler Magazine to continue in lower courts. In March of 2008, less than a year after she was murdered by her wrestler husband, naked photos of Nancy Benoit were published in the magazine. Nancy Benoit's mother, Maureen Toffoloni, sued the magazine, claiming that her daughter had asked immediately after the shoot to have the photos and video destroyed and believed that photographer Mark Samansky had done so. Hustler magazine asked the court to dismiss the action, arguing that publication of the pictures was protected by the First Amendment. The Appeals Court ruled against Hustler magazine in June, allowing the lawsuit to go forward. Hustler appealed the decision and the Supreme Court let stand the lower court's ruling.

March 2, 2010

EPIC Files Amended Complaint on Google Buzz

EPIC has filed a supplement to its earlier complaint with the Federal Trade Commission, urging the FTC to investigate Google Buzz. EPIC's original complaint cited clear harms to service subscribers, and alleged that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws." EPIC's supplemental complaint elaborates on the specific ways in which Google Buzz constituted a violation of Google's stated Privacy Policy for Gmail. For more information, see EPIC: In re Google Buzz.

White House Publishes Outline of Cyber Security Policies

The White House announced today that it has made a description of the Comprehensive National Cybersecurity Initiative (CNCI) available online for public viewing. The 12 CNCI initiatives cover a wide range of government activity, from cyber education to intrusion detection. However, the text of the underlying legal authority for cybersecurity still remains secret. EPIC has been involved in ongoing litigation regarding a Freedom of Information Act request for the text of the critical cybersecurity document NSPD 54 that President Bush signed in 2008. For more information, see EPIC: EPIC Sues NSA to Force Disclosure of Cyber Security Authority and EPIC: EPIC Seeks Records on Google-NSA Relationship.

March 3, 2010

OECD Meeting

Marc Rotenberg,
EPIC, Executive Director

Katitza Rodriguez,
CSISAC Liaison

Paris, France
March 9-11, 2010

EPIC Files Supreme Court Brief for Petitioner Privacy

EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of those who sign petitions. In Doe v. Reed, the Court has been asked to determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC's brief argues that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. For more information, see EPIC Doe v. Reed.

March 4, 2010

Senate Confirms Julie Brill as FTC Commissioner

The Senate confirmed Julie Brill, former Vermont Assistant Attorney General, to fill a vacancy for FTC Commissioner. Brill served for over 20 years as Vermont’s Assistant Attorney General for Consumer Protection and Antitrust, and currently serves as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. Brill has had experience with several important consumer protection issues, including tobacco, food and drug, antitrust, and privacy and identity theft. Senator Leahy (D-VT) expressed support for Brill’s confirmation, proclaiming, “We again have an FTC that is on the side of the consumers. Julie Brill will help revitalize an FTC that has languished while consumers’ interests have given way to special interests.”

March 5, 2010

Senate Holds Hearing on Internet Freedom

The Judiciary Subcommittee on Human Rights and the Law held a hearing on "Global Internet Freedom and the Rule of Law," which focused on information technology industry business practices in countries that restrict the internet. The Senate hearing came one month after Secretary Clinton delivered a speech on internet freedom. Following the speech, EPIC and 29 experts in technology and privacy wrote a letter to Secretary Clinton, urging the United States to begin the process of ratifying the Council of Europe Convention on Privacy, which seeks to protect fundamental human rights as technology advances. EPIC made the same recommendation in statements for the record for a House hearing on Google and U.S. Cyberspace Policy, and for the Senate hearing on Internet Freedom. For more information, see Letter from State Department regarding Clinton Letter and EPIC’s NSPD-54 complaint.

March 8, 2010

EPIC Google Buzz Complaint Raises “A Number of Privacy Concerns” for the FTC

The FTC has sent a letter to EPIC regarding the February 2010 EPIC complaint about Google’s recently launched social networking tool, Google Buzz. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises interesting issues that relate to consumer expectations about the collection and use of their data.” Further, the FTC Director highlights the importance of having consumers “understand how their data will be used” and allowing consumers the “opportunity to exercise meaningful control over such uses.” EPIC has since filed an amended complaint with the FTC that describes how Google Buzz violated Google’s own privacy policy for Gmail. For more information, see EPIC: In re Google Buzz.

EPIC v. DHS: EPIC Obtains Complaints About Airport Body Scanners

In response to an EPIC Freedom of Information Act lawsuit, the Department of Homeland Security and the Transportation Security Administration (TSA) released more documents about body scanners in US airports. The documents include many complaints from travelers who went through the devices. Travelers reported that they were not told about the pat down alternative or that they were going to be subject to a body scan by TSA officials. Travelers also expressed concern about radiation risks to pregnant women and the image capture of young children without clothes. EPIC has previously obtained whole body imaging vendor contracts, operational requirements, and procurement specifications from TSA. EPIC and Ralph Nader have urged President Obama to suspend the program until an independent review is completed. For more information, see EPIC: Whole Body Imaging Technology.

March 9, 2010

German Court Declares Data Retention Law Unconstitutional

On March 2, 2010, the German Federal Constitutional Court ruled that a law allowing law enforcement authorities to store telephone and Internet data is inconsistent with the right to privacy under the German Constitution. The law allows data on calls and e-mail exchanges to be retained for six months, and made available for use by criminal authorities. The court found that the law went beyond the original intent of the directive the European Union enacted in March 2006. EPIC has documented the impact of data retention requirements. For more information, see EPIC’s webpage on data retention.

March 10, 2010

Massachusetts Data Protection Law Goes into Effect

Massachusetts’s new data protection law went into effect at the beginning of March. The law applies to all companies that own or license the personal information of Massachusetts residents. According to the new regulations, companies are now required to create a comprehensive security program that details how personal information will be safeguarded. Governor Deval Patrick stated, “Consumers should feel confident that their personal information is protected, and not exposed to loss or theft. These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.” For more information on privacy and identity theft, see EPIC: Identity Theft.

March 12, 2010

EPIC Recommends Privacy Safeguards for Smart Grid Services

In formal comments, EPIC urged the California Public Utility Commission to adopt privacy safeguards for Smart Grid systems to protect consumer electricity usage information from unauthorized collection, use, and disclosure. Smart Grid networks uniquely identify individual electrical appliances, and create new privacy risks. EPIC recommended that policies be established to protect consumer data, including limitations on data collection, new security standards, and independent oversight. For more information, see EPIC: Smart Grid.

March 15, 2010

Independent Open Government Audit Finds Mixed Results for Obama Administration

The National Security Archive at George Washington University has released the results of its annual government-wide FOIA audit. The audit tested agency responsiveness to President Obama's new directives on government transparency and openness. The Archive report concluded that less than half of federal agencies have responded to the new open government directives with concrete changes, and only four agencies "show both increases in releases and decreases in denials under the FOIA." Attorney General Eric Holder spoke today about the administration's FOIA record. For more information, see EPIC Open Government.

Netflix Cancels Contest over Privacy Concerns

Netflix canceled its second $1 million Netflix Prize after privacy concerns from the FTC and a federal lawsuit alleging invasion of privacy and violations of the Video Privacy Protection Act. The Netflix contest challenged contestants to find a superior movie-recommendation algorithm from “anonymized” datasets that included movie ratings, date of ratings, unique ID numbers for Netflix subscribers, and movie information. In 2006, during the first Netflix Prize contest, researchers conducted a study that revealed that if a person has information about when and how a user rated six movies, that person can identify 99% of people in the Netflix database. After productive discussions with the FTC over reidentification concerns which stemmed from this study, Netflix and the federal agency reached an understanding on how Netflix would use user data in the future. Netflix also settled the VPPA lawsuit. For more information, see EPIC: Reidentification.

EPIC to Testify in Congress on Airport Security

EPIC has been asked to testify before the Subcommittee on Transportation Security and Infrastructure Protection on Wednesday, March 17, 2010. The hearing will examine "An Assessment of Checkpoint Security: Are Our Airports Keeping Passengers Safe?" EPIC is expected to discuss the documents it has recently obtained in an open government lawsuit against the DHS. For more information, see EPIC: Whole Body Imaging.

March 16, 2010

EPIC Publishes 2010 FOIA Gallery

In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2010. The gallery highlights key documents obtained by EPIC in the past year, including records detailing the privacy risks posed by airport body scanners, fraudulent "parental control" software, and federal agencies' contracts with social networking web sites. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.

Senators Leahy and Cornyn Introduce Bill to Reduce FOIA Delays

Senators Patrick Leahy and John Cornyn introduced the Faster FOIA Act, which would establish a panel to examine agency backlogs in processing FOIA requests. Government reports reveal substantial agency delays in disclosing FOIA records. The bill comes at the beginning of Sunshine Week, a national observance of the importance of open government. EPIC makes frequent use of the FOIA to obtain information about privacy issues. EPIC celebrated Sunshine Week by publishing the EPIC FOIA Gallery: 2010. For more, see EPIC: Open Government and EPIC Bookstore: FOIA.

March 17, 2010

EPIC Recommends Effective Consumer Privacy Standards, Calls Notice and Choice a "Failed Experiment"

At the third FTC Privacy Roundtable, EPIC senior counsel John Verdi will recommend that the Commission push forward with effective and meaningful privacy safeguards for American consumers. Mr. Verdi will say that the "notice and choice" approach has failed, and will recommend that the FTC enforce Fair Information Practices, such as the OECD Privacy Guidelines. The discussion can be viewed via webcast. Additional information on the FTC roundtable event can be found here. For more information, see EPIC In re Google Buzz, EPIC In re Facebook, and EPIC In re Google and Cloud Computing.

Identification, Identity and Surveillance in Latin America

Katitza Rodriguez,
EPIC International Privacy Program Director

Universidad Autónoma del Estado de México
March 17, 2010

FCC Releases National Broadband Plan, Privacy Strategy Unclear

The Federal Communications Commission (FCC) released its National Broadband Plan today. The FCC notes that “many users are increasingly concerned about their lack of control over sensitive personal data” and warns that “Innovation will suffer if a lack of trust exists between users and entities with which they interact over the internet.” The FCC makes several recommendations, but there is no clear plan to address growing concerns about cloud computing, smart grids and unfair and deceptive trade practices. Last year, EPIC urged the FCC to develop a comprehensive strategy for online privacy as part of the national broadband strategy.

March 18, 2010

EPIC Recommends That Congress Suspend Body Scanning Program

In testimony before the House Committee on Homeland Security, EPIC President Marc Rotenberg urged Congress to halt the plan to deploy body scanners in the nation's airports. "Based on the documents we've obtained, the views of experts, the concerns of  American, and the extraordinary cost, Congress should suspend the program," said Mr. Rotenberg. In a recent letter to President Obama, EPIC and Ralph Nader recommended an independent review to assess health impacts, privacy safeguards, and the actual effectiveness of the devices. Through FOIA litigation, EPIC has obtained technical specifications, vendor contracts, and hundreds of complaints from US air travelers about the body scanners (Part 1, Part 2, Part 3, Part 4, Part 5). A recent report from the GAO has also raised questions about the effectiveness and cost of the devices. For more information, see EPIC Whole Body Imaging and EPIC Air Travel Privacy.

March 22, 2010

EPIC Files Supreme Court Brief in Electronic Privacy Case

EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of public employees who use electronic communications devices. In City of Ontario v. Quon, the Supreme Court has been asked to determine whether a government employer can search the content of text messages sent from an employee's pager. EPIC's brief argues that data minimization practices should be applied to public sector searches because of the Fourth Amendment reasonableness requirement and the fact that employer-issued devices collect and store detailed personal information, including internet search history, text messages, emails, and locational data.  EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States, which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon.

PRIVACY.ORG Relaunches with New Features

PRIVACY.ORG, the first web site devoted exclusively to privacy issues, has a new look and new tools. PRIVACY.ORG provides daily updates on privacy stories in the news. PRIVACY.ORG features a Twitter news feed with all #privacy tweets. And PRIVACY.ORG highlights important campaigns, such as the current effort to suspend the deployment of airport body scanners. Twitter, Facebook, digg, Technorati, del.icio.us, and LinkedIn users can tag items to share with others. Researchers, reporters, policy makers, and consumers have helped make PRIVACY.ORG the top-ranked privacy site online today. Privacy.org is a joint project of the Electronic Privacy Information Center (EPIC) and Privacy International.

Federal Appeals Court to Hear Arguments in SSN Free Speech Case

The Fourth Circuit Court of Appeals will hold oral arguments on Tuesday, March 23 in the case of Ostergren v. McConnell. Betty Ostergren runs a website that republishes Social Security Numbers, collected from public records, to persuade Virginia lawmakers to stop releasing documents that reveal Social Security Numbers. EPIC filed a "friend of the court" brief in October, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Social Security Numbers.

March 23, 2010

State Legislators Vote Against Body Scanners

The Idaho House of Representatives has voted to limit use of digital strip search machines. The 58-9 vote sends Bill 573 to the Idaho Senate, which will vote on the anti-body scanner measure. The bill would bar body scanners as primary screening, require security officers to offer an alternative search, and mandate an independent investigation into the scanners' health risks. The bill's sponsor, Rep. Phil Hart, said “It’s my opinion that the use of these devices to screen every individual … would be an unreasonable search of those persons." For more, see EPIC Whole Body Imaging and EPIC Travel Privacy.

March 24, 2010

Worker Biometric ID Under Consideration in US

Senators Charles Schumer and Lindsey Graham have proposed a new national identity card. The Senators would require that "all U.S. citizens and legal immigrants who want jobs" obtain a "high-tech, fraud-proof Social Security card" with a unique biometric identifier. The card, they say, would not contain private information, medical information, or tracking techniques, and the biometric identifiers would not be stored in a government database. EPIC has testified in Congress and commented to federal agencies on the privacy and security risks associated with national identification systems and biometric identifiers. For more information, see EPIC: National ID and the REAL ID Act, EPIC: Biometric Identifiers, and the Privacy Coalition’s Campaign Against REAL ID.

March 25, 2010

"Privacy and the Smart Grid: How to Address Consumer Concerns Without Jeopardizing the Growth of the Grid"

Lillie Coney,
EPIC Associate Director

[Powerpoint Presentation]

Smart Grid Today
Web Conference
April 13, 2010

March 26, 2010

Following EPIC FOIA Request, Homeland Security Releases Privacy Study of Cybersecurity Project

The Department of Homeland Security (DHS) Privacy Office has released an unclassified version of the Privacy Impact Assessment (PIA) for the Initiative Three Exercise, a pilot exercise for the classified cybersecurity tool known as "EINSTEIN 3." EINSTEIN 3 is the next generation of the U.S. Computer Emergency Readiness Team's intrusion detection and prevention system for the federal government, which will involve active monitoring of all network traffic to and from federal agencies. DHS has not released the full, classified PIA for the tool in either complete or redacted form, but instead drafted a different version for release to the public. For more information, see EPIC Deep Packet Inspection and EPIC Critical Infrastructure Protection.

GoDaddy Pulls out of China over Privacy Risks to Users

GoDaddy, the world’s largest internet domain name registrar, will no longer register domain names in China, due to new government rules for monitoring Internet use. China now requires every domain name registrant to provide photographs, business information, signed registration forms, and business registration numbers to the China Internet Network Information Center, a quasi-government agency. GoDaddy General Counsel Christine N. Jones stated, “The intent of the procedures appeared, to us, to be based on a desire by the Chinese authorities to exercise increased control over the subject matter of domain name registrations by Chinese nationals.” EPIC supports privacy for web site registrants and has worked with GoDaddy in the past to urge the US National Telecommunications and Information Administration to safeguard the right of Internet users to maintain private web site registrations. For more information on EPIC and domain name privacy, see EPIC: WHOIS.

Coalition Urges President Obama to Suspend "Digital Strip Search" Program

Civil liberties, consumer rights, air travel, and religious organizations have asked President Obama to "suspend the further deployment of body scanners in US airports." The organizations said that the scanners are "contributing to a negative perception of the United States" and noted the "sincerely held religious opposition to the digital undressing of air travelers by TSA officials." For more information, see EPIC: Whole Body Imaging, Stop Digital Strip Searches, and Privacy Coalition.

Facebook Announces Changes to Privacy Policy. Again.

Facebook has announced "another set of revisions" to its privacy policy. The changes appear to make it easier for Facebook to gather locational data on users and to disclose user data to third-party web sites. It also appears that Facebook will make more use of data set to "Everyone." Facebook is soliciting comments on the changes. In December, EPIC filed a complaint with the FTC regarding the last series of changes to the Facebook privacy settings. EPIC, joined by nine other privacy and consumer organizations, said that the "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The FTC responded that the EPIC complaint "raises issues of particular interest" to the Commission. For more information on the ever-changing Facebook privacy policy, see EPIC Facebook Privacy and EPIC In re Facebook.

March 29, 2010

Lawmakers Urge FTC to Investigate Google Buzz

Ten House Members have asked the Federal Trade Commission to pursue an investigation into the Google social networking service Buzz, given "Google's practice of automatically using consumers' e-mail address books to create contact lists for Buzz and then publicly disclosing the names of those private contacts" online. The lawmakers also asked the Commission to consider the privacy implications of Google's proposed acquisition of AdMob, the mobile phone advertising company. EPIC has filed a complaint with the FTC, asking the Commission to investigate Google Buzz. Previously, EPIC recommended that the FTC block Google's acquisition of Doubleclick, the banner advertising firm, because of the privacy implications. For more information, see EPIC: In re Google Buzz.

March 30, 2010

Congressional Leaders Press Obama on Privacy Board

Chairman Bennie Thompson and twenty members of the House of Representatives sent a letter to President Obama seeking the immediate nomination of members to the Privacy and Civil Liberties Oversight Board. The Privacy Board was active during the Bush Administration, but the Obama administration has moved slowly to reconstitute the advisory body. No hearings have been held and no reports have been issued. The board is intended to provide advice on the civil liberty implications of programs that affect the rights of citizens, such as the use of Whole Body Scanners by the TSA, biometric identifiers, and cyber security policy.

New Jersey Supreme Court Rules in Favor of Employee Privacy

The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court" brief. For more information, see EPIC: Workplace Privacy.

March 31, 2010

Inspector General: ID Theft Not a Priority at Justice Department

The Inspector General's Office released a new report on the Department of Justice's Efforts to Combat Identity Theft. The report states that identity theft is a growing problem, but the Justice Department's efforts to combat the crime have "faded as priorities." The Inspector General concludes that the Department has failed to develop a coordinated plan to combat identity theft since a 2007 task force report. In 2007, EPIC proposed a comprehensive strategy to "address the root causes of identity theft: excessive data collection and lax security practices." For more information, see EPIC: Identity Theft.

About March 2010

This page contains all entries posted to epic.org in March 2010. They are listed from oldest to newest.