« August 2011 | Main | October 2011 »

September 2011 Archives

September 15, 2011

Privacy Keynote

Marc Rotenberg,
EPIC Executive Director

IAPP Privacy Academy
Dallas, TX
September 15, 2011

September 13, 2011

"Which Way Google?"

Marc Rotenberg,
EPIC Executive Director

SMX East
Javits Center
New York, NY
September 13, 2011

September 1, 2011

Federal Appeals Court Holds Individuals Have a Right to Record Public Officials

In a case concerning the arrest of a person who used a cell phone camera to film a police officer, the First Circuit Court of Appeals has held in Glik v. City of Boston that the First Amendment protects "the filming of government officials engaged in their duties in a public place." The Court found that members of the public enjoy the same rights as credentialed members of the press, stating that "the public's right of access to information is coextensive with the press." The Court further held that, in arresting Glik, the City of Boston violated the Fourth Amendment probable cause requirement as there was no reason to believe that Gilk had violated any state law. EPIC agreed that the Massachusetts state wiretap law was not intended to limit the ability of the public to record police activity, but did not file an amicus brief in the case. For more information, see EPIC: EPIC Amicus Curiae Briefs.

California Passes Updated Data Breach Legislation

California has enacted Senate Bill 24, first introduced in 2001 by Senator Joe Simitian, which strengthens existing state breach notification law. Since 2002, California law has required data holders to notify individuals if their data is breached, but the law did not specify what information should be included in the notification. This new law specifies the information that should be provided, including instructions on how to contact credit agencies. The law also requires that the state Attorney General be notified in the event of a breach. EPIC testified in 2009 before the House Commerce Committee against "federal preemption" in national data breach legislation, citing important legislative innovations to protect consumers that take place in states such as California. For more information, see EPIC: ID Theft.

September 2, 2011

Citing Unreliability, Germany Rejects Airport Body Scanners

After extensive testing, Germany has decided not to deploy body scanners at the nation's airports. Germany field-tested the scanners with more than 800,000 passengers over ten months and concluded the devices produced too many false alarms and were not effective. In an interview with ABC News EPIC’s John Verdi said, "when they can't distinguish between body sweat and explosives, they aren’t making anyone safer." Italy also recently removed the scanners from airports after the Italian Civil Aviation Authority concluded that they were inaccurate and inconvenient. EPIC has petitioned a federal appeals court to rehear the organization's challenge to the controversial program, citing erroneous findings that the devices would detect liquid and powdered explosive. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program).

September 6, 2011

Public Poll: Americans Continue to Favor Civil Liberties in Post-9/11 Era

The Center for Public Affairs Research, a joint project of the Associated Press and the National Opinion Research Center, has published "Civil Liberties and Security: 10 Years After 9/11." The detailed report analyzed public opinions on national security and civil liberties issues a decade after 9/11. The survey found that Americans are divided on the war on terrorism. Of those surveyed, 86% said that the events following 9/11 have had some impact on their individual rights and freedoms. A majority also said that the protection of civil liberties should take priority over national security, and only 23% favored the government’s warrantless wiretapping program. For more information, see EPIC: The 9/11 Commission Report and EPIC: Public Opinion on Privacy.

September 7, 2011

DC Circuit Court Grants Access to Cell Phone Surveillance Records

The Circuit Court for the District of Columbia has ruled that the Department of Justice must release information regarding government surveillance of cell phone location data. The American Civil Liberties Union had filed a Freedom of Information Act request for information regarding current and past cases where the Department of Justice had accessed cell phone location data without a warrant. The agency sought to keep this information secret, claiming that releasing cell phone tracking data could implicate privacy of investigation subjects. The court, however, disagreed, stating, "The disclosure sought by the plaintiffs would inform this ongoing public policy discussion by shedding light on the scope and effectiveness of cell phone tracking as a law enforcement tool." For more information, see EPIC: Wiretapping and EPIC: Electronic Surveillance 1968-2010.

September 8, 2011

EPIC Urges FTC to Examine YouTube Search Rankings Following Google Acquisition

EPIC sent a letter to the FTC urging the Trade Commission to investigate the extent to which Google has used its dominance in the search market to influence the marketplace of online video content. EPIC pointed specifically to the Google acquisition of YouTube and the change in the YouTube search rankings that followed. EPIC said that Google substituted its own subjective, "relevance" ranking in place of objective search criteria, such as "Hits" or "Rankings," to preference Google's own video material over non-Google material. EPIC's letter includes detailed examples using the search term "privacy." Google has acknowledged that the Commission has opened an investigation into the company's business practices for possible antitrust violations. EPIC previously testified before the Senate Judiciary Antitrust Subcommittee on Google's growing dominance of essential Internet services. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission.

September 9, 2011

EPIC to Appeal Security Agency's Non-response in FOIA Lawsuit

EPIC has filed a notice of appeal in EPIC v. NSA, a recent court decision that allowed the National Security Agency to neither confirm or deny the existence of government records EPIC sought under the Freedom of Information Act. EPIC is seeking information about the relationship between Google and the NSA, which could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users. The NSA provided a "Glomar Response," a controversial legal claim that allows federal agencies to conceal the existence of records that might otherwise be subject to public disclosure. In related FOIA matters, EPIC is also seeking government documents relating to the NSA's cybersecurity authority and the NSA's "Perfect Citizen" program. For more information, see EPIC: Open Government.

US and European Consumer Groups Oppose Latest Industry Proposal for Self-Regulation

The Transatlantic Consumer Dialogue has sent a letter to U.S. and European Union officials, urging them to reject an advertising industry proposal to protect online privacy through self-regulation. The industry proposal relies on opt-out techniques that force consumers to click on small icons, hidden on the websites they visit. The TACD letter described the icon regime as “inadequate,” and said that it “is an insufficient means of [giving] notice to a user about the wide range of data collection that they routinely face.” In 1998, EPIC conducted the first evaluation of industry self-regulation to protect online privacy and concluded that "Notice is Not Enough." For more information, see EPIC: Online Tracking and Behavioral Profiling, and EPIC: FTC.

September 12, 2011

In FOIA Body Scanner Litigation, EPIC "Substantially Prevails," as Court Awards Fees to EPIC

A Federal Court has ruled that EPIC "substantially prevailed" in its open government lawsuit against the Department of Homeland Security for information about the agency's airport body scanner program and has awarded attorneys fees to EPIC. EPIC's Freedom of Information Act case led to the disclosure of hundreds of pages of documents, including procurement specifications, operational requirements, contracts, and traveler complaints and revealed that the machines are designed to store and transfer images. The Court found that "The records disclosed to the plaintiff in the course of this litigation have provided a public benefit in that they were covered extensively in the news and cited frequently as a news source during the public debate surrounding the use of whole body imaging devices in airports." EPIC had also asked the Court to reconsider an earlier ruling, in light of a recent Supreme Court FOIA decision Milner v. Dept. of Navy. The Court denied that request. For more information, see EPIC: EPIC v. DHS (FOIA, Body Scanners) and EPIC: EPIC v. DHS (Suspension of the Body Scanner Program).

September 14, 2011

EPIC Warns Congress of Cybersecurity Risks to Consumers

EPIC Executive Director Marc Rotenberg testified today before the House Subcommittee on Financial Institutions and Consumer Credit. EPIC highlighted several recent high-profile data breaches, including those involving the digital security certificates used to authenticate websites, that have compromised the private data of thousands of consumers. Citing reports from the Privacy Rights Clearinghouse, EPIC's Rotenberg said "These attacks on financial institutions produce both direct and indirect costs for consumers who must contend with the risk of identity theft and financial fraud." EPIC previously testified before the Senate Banking Committee on cybersecurity in the financial sector and the growing threat to consumer data. For more information, see EPIC: Cybersecurity and Privacy. Webcast.

EPIC Urges Federal Appeals Court to Protect Employees from Covert Video Recording

EPIC Senior Counsel John Verdi argued before the Third Circuit Court of Appeals in Doe v. Luzerne County that secretive video surveillance, coupled with the storage and dissemination of sensitive personal information, violates the right to information privacy and should not be permitted. The case involves a Jane Doe police deputy who is suing to recover monetary damages for privacy violations. A coworker captured semi-nude video footage of Ms. Doe without her consent during a mandatory decontamination shower. The digital footage was uploaded onto a government computer and disclosed over the municipal network. EPIC argued that the case "presents novel privacy issues involving new technology" and that "the District Court failed to appreciate the unique damage caused by unlawful disclosures over computer networks." EPIC previously filed an amicus brief in the case. For more, see EPIC: Doe v. Luzerne.

U.S. and European Consumer Groups Encourage Congress to Learn from EU Data Directive

The Transatlantic Consumer Dialog, a coalition of 85 organizations from America and Europe sent a letter today to the House Subcommittee on Commerce, Manufacturing and Trade on the eve of a hearing on the EU's approach to protecting Internet privacy. The TACD letter pointed out that "US privacy laws lag woefully behind current technology and business practices" and encouraged Congress to "learn from a fair and balanced review of the EU Data Directive, just as the EU has learned much from the US experience." According to TACD, the EU Data Directive is a concise, technology-neutral legal framework that promotes trade, protects privacy, and is less burdensome than such US privacy laws as "HIPAA." EPIC is a member of TACD. For more information, see EPIC: EU Data Protection Directive.

September 15, 2011

Federal Trade Commission Proposes New Rules for Children’s Online Privacy

Today the FTC proposed new rules for the Children’s Online Privacy Protection Act. The FTC rules would revise the definition of Personally Identifiable Information to include identifiers such as cookies and IP addresses, video and audio files containing a child's image or voice, and geolocation information. The new rules also contain data minimization and deletion requirements that promote Internet security, as well as simplified methods of obtaining parental consent for data collection, such as electronic submission and video verification. EPIC Executive Director Marc Rotenberg said that the proposed rules were "a well-reasoned and innovative approach to online privacy." EPIC had previously testified before the Senate and submitted comments to the agency. EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: Children’s Online Privacy.

September 17, 2011

EPIC Slams Homeland Security For ID Regs That Harm The Homeless

EPIC filed comments today against the Department of Homeland Security's REAL ID compliance requirements, noting the recent death of college basketball legend Lewis Brown, who could not afford a state identification card. The DHS prohibits individuals from flying on commercial airlines without federally approved identification documents. According to the New York Times, Brown was sick with cancer and homeless but had not yet raised enough money to pay for the ID card so that he could see his family. EPIC's letter demanded that the DHS report annually on the number of people who are prevented from seeing family members because of the ID requirement For more information, see EPIC: REAL ID.

September 20, 2011

FTC Announces Workshop on Facial Recognition Technology

The Federal Trade Commission announced that it will host a workshop on December 8, 2011, on the privacy and security issues raised by the increasing use of facial recognition technology. Facial recognition technology has been used by Facebook to build a secret data base of users’ biometric data and to enable Facebook to automatically tag users in photos. The Army has also used facial recognition technology to collect biometric data from Iraqi and Afghan civilians at checkpoints, workplaces, the sites of attacks, and door-to-door canvasses. EPIC, Privacy International, and Human Rights Watch wrote to the US Secretary Defense in 2007 to warn that the system could lead to reprisals and further killings. Police agencies are also using facial recognition to identity political protesters. EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, EPIC: Face Recognition, and EPIC: Iraqi Biometric Identification System.

September 21, 2011

Senate Holds Hearing on Google’s Anticompetitive Practices

Today's Senate Judiciary Committee hearing "The Power of Google: Serving Consumers or Threatening Competition?” examined Google’s use of its dominance in the search market to suppress competition. The company’s executive chairman, Eric Schmidt, testified on the first panel, while witnesses from Google’s rivals Yelp and Nextag appeared on the second panel. The hearing covered a wide range of issues, including search bias, Google’s proprietary search algorithm, and the downgrading of search rankings. EPIC testified before the the same committee in 2009 on Google’s growing dominance of essential Internet services, and recently sent a letter to the Federal Trade Commission regarding Google’s biasing of Youtube search rankings to give preferential treatment to its own video content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission.

September 22, 2011

EPIC Asks Court to Require DHS Disclosure of Mobile Body Scanner Documents

EPIC has filed a motion for summary judgment in EPIC v. DHS, No. 1:11-cv-00945-ABJ, a FOIA case against the Department of Homeland Security for information about the planned expansion of the body scanner program. EPIC has asked the court to force the agency to disclose documents containing communications with Rapiscan and other vendors about the deployment of mobile body scanners. EPIC has already obtained hundreds of pages of documents describing how the agency is exploring the use of body scanners on people who travel by train, attend sporting events, enter federal buildings, or travel along public highways. For more information, see: EPIC: Body Scanner Technology and EPIC: FOIA Note #20.

Netflix Attacks Consumer Privacy Law

Today Netflix announced that it has launched a DC lobbbying campaign against a federal privacy law that protects customer video rental information. The company, which is already under fire for dramatic hikes in the subscription price of its once popular DVD rental program, now claims that the privacy law prevents Facebook users from posting information about NetFlix on Facebook. According to OpenSecrets, operated by the Center for Responsive Politics, Netflix has ramped up its Washington influence, spending almost $200,000 in 2011, up from $20,000 in 2009. EPIC has described the Video Privacy Protection Act as "one of the strongest protections of consumer privacy against a specific form of data collection." The law always had an exception for user consent, which means that Facebook users are free to disclose information about the videos they rent. But NetFlix wants "blanket consent" so that all Netflix use will be posted routinely to Facebook. For more information, see EPIC: Video Privacy Protection Act.

September 26, 2011

Sen. Schumer Calls for Investigation into “brazen” OnStar Privacy Violation

Senator Charles Schumer (D-NY) wrote a letter to the Federal Trade Commission requesting an investigation into OnStar's announcement that it would track the location of its customers' vehicles even after the customers canceled their service. OnStar also reserved the right to sell such locational information to advertisers. In an interview with FOX News last week, EPIC Executive Director Marc Rotenberg warned that the company would make data of former customers available to third parties. For more information, see EPIC: Locational Privacy.

EPIC, Coalition Seeks Investigation of New FBI ID Program and "Secure Communities"

A coalition of civil liberties and civil rights organizations have asked the Inspector General of the Department of Justice to investigate the FBI's Next Generation Identification program, a "billion-dollar initiative to create the world's largest biometric database." The 70 organizations, including EPIC, have also urged an assessment of "Secure Communities," the mismanaged federal deportation effort. Several states, including Illinois, Massachusetts, and New York, have already withdrawn from the DHS program. For more information, see EPIC - "Secure Communitities."

Data Breach Legislation Moves Forward in the Senate

Three data breach bills are headed to the Senate floor after a favorable vote in the Senate Judiciary Committee. The bills [S. 1151, S. 1535, S. 1408] set out a variety of approaches to protecting user data and warning users when personal data is improperly released. Testifying recently before the Senate and the House, EPIC has supported new measures for online privacy but warned against a federal law that would "preempt" stronger state laws.

September 27, 2011

Lawmakers Say Undeletable Supercookies Raise "Serious Privacy Concerns"

Representatives Joe Barton (R-TX) and Ed Markey (D-MA) wrote a letter asking the FTC to investigate whether the use of "supercookie" - cookies placed on users' computers by websites such as Hulu.com that cannot be deleted -constitutes an unfair or deceptive business practice. The representatives called this kind of tracking "unacceptable" and said that the cookies "take away consumer control over their own personal information." EPIC had earlier opposed the White House's use of persistent Google Analytics cookies that track users for up to two years and supported opt-in requirements for Internet tracking techniques that are transparent for the user and easily disabled. For more information, see EPIC: Cookies and EPIC: Federal Trade Commission.

September 28, 2011

Documents Obtained by EPIC Reveal FBI Watch List Details

EPIC has obtained documents that reveal new details about standards for adding and removing names from the FBI watch list. The documents were obtained as the result of an EPIC Freedom of Information Act request to the Federal Bureau of Investigation. The FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. Also, individuals may remain on the FBI watch list even if charges are dropped or a case is dismissed. The New York Times broke the story and posted the documents obtained by EPIC. For more information, see EPIC: FBI Watch List FOIA and EPIC: Open Government.

Bankrupt Borders Sells Customer Data to Barnes & Noble

A bankruptcy court in New York has approved the sale of customer information, including email addresses, phone numbers, mailing addresses, and birthdates, from Borders to Barnes & Noble, following an earlier determination that the transfer violated Border's privacy policy. The judge has now required that former Borders customers receive an email notification and that the companies place prominent notices on their web sites and take outs ads in USA Today. Customers will have 15 days to opt-out of the transfer.

September 29, 2011

EPIC-Led Coalition Calls for FTC Facebook Investigation

EPIC, joined by other privacy, consumer, and civil liberties groups, which include the American Civil Liberties Union, Consumer Action, American Library Association, and the Center for Digital Democracy asked the Federal Trade Commission to investigate Facebook. Facebook had been secretly tracking users after they logged off of Facebook’s webpage, and had recently announced changes in business practices that “[gave] the company far greater ability to disclose the personal information of its users to its business partners...” EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: Facebook Privacy and EPIC: Federal Trade Commission.

September 30, 2011

Seventh Circuit Court Hears Oral Argument in Students' Privacy Case

The US Court of Appeals for the Seventh Circuit heard oral arguments today in Chicago Tribune v. University of Illinois. EPIC filed a "friend of the court" brief in the case, which concerns student privacy rights protected by the Family Educational Rights and Privacy Act ("FERPA"). EPIC's brief argued that Congress intended to protect student records, including admissions files, from unauthorized release and that Illinois' open government law must yield to the federal privacy law. In this case, the Tribune requested documents from the University of Illinois, under Illinois' open government law, while investigating alleged corruption in the admissions practices of the University. The University denied the Tribune's request, stating that the requested documents contained the personally identifiable information of students and were thereby protected by federal law. A lower federal court found that Illinois law required the documents to be released. The Depart of Justice also filed a brief in support of student privacy in the case. For more information, see EPIC: Chicago Tribune v. University of Illinois and EPIC: Student Privacy.

About September 2011

This page contains all entries posted to epic.org in September 2011. They are listed from oldest to newest.

August 2011 is the previous archive.

October 2011 is the next archive.

Many more can be found on the main index page or by looking through the archives.