November 2011 Archives

November 12, 2011

Fourth Amendment: Recent Developments

Marc Rotenberg,
EPIC Executive Director

Judicial Institute
Washington, DC
November 12, 2011

November 18, 2011

Georgetown 2011 Advanced eDiscovery Institute

Marc Rotenberg,
EPIC Executive Director

Georgetown University Law Center
Washington, DC
November 18, 2011

November 11, 2011

57th General Assembly of the Atlantic Treaty Association

Amie Stepanovich,
EPIC National Security Counsel

Atlantic Treaty Association
Tirana, Albania
November 11-16, 2011

November 1, 2011

Report: Internet Privacy Tools Generally Fail at Protecting Privacy

A recent report by Carnegie Mellon University finds that internet privacy tools designed to protect consumers from online behavioral advertising are ineffective because they are difficult for users to understand and to configure. The researchers investigated whether users could protect themselves from online tracking by utilizing the privacy settings on popular web browsers, such as Firefox and Internet Explorer. The report also analyzed privacy tools such as Adblock Plus and IE9 Tracking Protection. The report found that the settings are confusing and that users are unable to make informed decisions. Further, unbeknownst to the average user, internet privacy tools' default settings largely fail at blocking online tracking. For more information, see EPIC: Online Tracking and Behavioral Profiling.

EPIC Asks Court to Require DHS Disclosure of Documents Detailing Body Scanner Radiation Risks

EPIC has filed a motion for summary judgment in EPIC v. DHS, No. 1:11-cv-01991-ABJ, a pending Freedom of Information Act lawsuit against the Department of Homeland Security for information about the radiation risks posed by body scanners. EPIC has asked the court to force the agency to disclose documents containing radiation testing results, agency fact sheets on body scanner radiation risks, and an image produced by the machines. A new report from ProPublica states that the "U.S. Government Glossed Over Cancer Concerns As It Rolled Out Airport X-Ray." EPIC has already obtained hundreds of pages of documents detailing the radiation risks presented by the machines. For more information, see EPIC: Body Scanners and Radiation Risks (FOIA).

November 7, 2011

"Social Technology and the Threat to Privacy"

Marc Rotenberg,
EPIC Executive Director

Washington College of Law
Washington, DC
November 7, 2011

November 4, 2011

Justice Department Revises FOIA Proposal, But Problems Remain

In response to widespread criticism from EPIC and other open government groups, the Department of Justice has agreed to withdraw one of its proposed Freedom of Information Act revisions. The section would have allowed the agency to make misrepresentations about the existence of documents subject to the FOIA. In extensive comments to the Department of Justice, EPIC said that the Justice Department proposal would undermine the FOIA and is contrary to law as well as the views expressed by the President and the Attorney General. But EPIC also pointed to proposed changes that would place new burdens on FOIA requesters, make it more difficult to qualify for educational and news media fee status, allow the agency to terminate FOIA requests, and even destroy records subject to FOIA. For more information see EPIC: Open Government.

Supreme Court to Hear Arguments in GPS Tracking Case

The United States Supreme Court will hear arguments on November 8 to determine whether the warrantless use of a GPS tracking device by the police violates the Fourth Amendment. EPIC filed a "friend of the court" brief in US v. Jones, urging the Supreme Court to uphold robust Fourth Amendment protections. Along with 30 legal and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment and requires judicial oversight. Arguing in support of a lower court decision, EPIC warned that, "it is critical that police access to GPS tracking be subject to a warrant requirement." The Supreme Court will consider both whether persistent GPS tracking constitutes a "search" and also whether the installation of a GPS tracking device on a private vehicle is a "seizure." For more information, see EPIC: US v. Jones, and EPIC: Location Privacy.

November 14, 2011

"The Surveillance State in Film--and Fact"

Marc Rotenberg,
EPIC Executive Director

Center for Research Program Development and Enrichment
University of Oklahoma
Norman, Oklahoma
November 14, 2011

November 9, 2011

Senator Akaka Calls for Major Reform to the Privacy Act of 1974

Senator Daniel Akaka (D-HA) has introduced the Privacy Act Modernization for the Information Age (PAMIA) Act of 2011 bill (S. 1732). The PAMIA Act would update the Privacy Act of 1974, the law that regulates the collection and use of personal information by federal agencies. Among other changes, the PAMIA Act would strengthen civil and criminal penalties for improper disclosure of information, update exceptions for when agencies do not have to notify individuals of record disclosures, and create a new Federal Chief Privacy Officer at the Office of Management and Budget. For more information, see EPIC: The Privacy Act of 1974.

Institute of Medicine: "To Improve Patient Safety, Health Information Technology Needs Better Oversight, Accountability"

According to a study conducted by the Institute of Medicine, software errors and defects in electronic health records pose threats to patient safety, and can even result in death. To combat the problem, the Institute recommends the establishment of an investigative agency, to be charged with examining and charting the safety performance of electronic health records in use, according to a press release from the National Academies panel. The Institute also recommends that clauses purported to "hold harmless" electronic health record suppliers be removed from their sales contracts. Although experts in the medical field acknowledge that this study is a positive step in regulating health information technology, the New York Times reports that some experts believe the Food and Drug Administration should regulate electronic health records safety. EPIC participated in a 2009 IOM study on Privacy and Medical Research. For more information, see EPIC: Medical Record Privacy.

FTC Enforces COPPA Against Website that Collected Children's Personal Information without Parental Consent

The Federal Trade Commission settled a complaint against the website Skid-e-kids after the operator violated both the Commission’s Children's Online Privacy Protection Act Rule and the website's own privacy policy by collecting personal information from approximately 5,600 children without obtaining prior parental consent. The settlement bars future violations of COPPA and misrepresentations about the collection and use of children’s information, and requires the operator to destroy information collected in violation of the Rule and to allow for oversight of any future website that he might run. Skid-e-kids is a social networking site that allows children ages 7-14 to create profiles, upload pictures and videos, and become friends with and send messages to other members. The Children's Online Privacy Protection Act requires that website operators obtain parental consent before they collect, use or disclose personal information from children under 13. EPIC's complaint regarding Facebook's facial recognition and EPIC's complaint regarding Facebook’s changes to its privacy settings are still pending before the FTC. For more information, see EPIC: Children's Online Privacy.

November 10, 2011

WSJ: Facebook Close to Settlement with FTC over EPIC Complaint

The Wall Street Journal reports that the Federal Trade Commission is finalizing a settlement with Facebook that follows from a complaint from EPIC and a coalition of US consumer and privacy organizations. In 2009, the organizations urged the Commission to investigate Facebook's decision to change its users' privacy settings which made the personal information of Facebook users more widely available to Facebook's business partners and the public. According to the Wall Street Journal, the settlement would require Facebook to obtain "express affirmative consent" if Facebook makes "material retroactive changes," and to submit to independent privacy audits for 20 years. For more information, see EPIC: In re Facebook, EPIC: Facebook Privacy and EPIC: Federal Trade Commission.

November 14, 2011

European Union Limits Use of Airport Body Scanners

The European Union has adopted strict new guidelines limiting the use of body scanners at EU airports. Under the new guidelines, European Union member states may only deploy airport body scanners if they comply with new regulations that protect health, privacy, and fundamental rights. The European Commission has also prohibited any devices that store, record, or transfer images of travelers as well as devices that display an image of the naked human body. As a result, backscatter x-ray devices are now effectively prohibited in airports in the European Union. The European Commission has also made clear that passengers may not be required to go through body scanners, following the conclusion reached by the federal appellate court in the United States in the EPIC v. DHS case, which held that passengers have a legal right to opt-out of body scanners. The body scanners have not done well during trials in Europe. Most recently a test in Germany found that the devices were ineffective. For more information, see EPIC: Whole Body Imaging Technology and EPIC: EPIC v. DHS (Suspension of the Body Scanner Program).

November 17, 2011

Federal Judge Orders Twitter to Turn Over Information About Wikileaks Supporters

A federal district judge in Virginia has ordered Twitter to make available to the Justice Department the personal information - including IP addresses, session times, and relationships between other Twitter users - of people who may have supported Wikileaks. In reaching this decision, Judge O'Grady relied on a revised version of Twitter's privacy policy, which was not in place when the users signed up. Under the Court's order the Department of Justice may obtain the data with a warrant under the Stored Communications Act. The targets of the Department of Justice's investigation are the WikiLeaks Twitter account and the accounts of three people connected to the group: Seattle coder and activist Jacob Appelbaum; Birgitta Jonsdottir, a member of Iceland's parliament; and Dutch businessman Rop Gonggrijp. EPIC has several FOIA requests pending with US federal agencies concerning the investigation of Wikileaks. For more information see EPIC: Social Networking Privacy.

Minnesota Supreme Court Limits Use of Baby DNA

The Minnesota Supreme Court has ruled that the state Genetic Privacy Act limits the use of blood samples collected from newborns. Minnesota initiated the Newborn Screening Program in 1965 in order to screen children for certain metabolic disorders. Over 73,000 samples are added to the database every year, but the samples were used for other purposes by the Department of Health and outside research organizations. In overruling a lower court's decision, the state Supreme Court found that the samples are "Genetic Information" under the State Genetic Privacy Act and held that "unless otherwise provided, the Department must have written informed consent to collect, use, store, or disseminate [the blood samples]." For more information, see EPIC: Genetic Privacy.

November 18, 2011

Congress, Public Call for TSA Reform

Republican Members of Congress have released "A Decade Later: A Call for TSA Reform," a staff report examining the effectiveness of the Transportation Security Administration, which was formed shortly after the September 11th attacks. The Report blasted the failure of the TSA to improve aviation security while spending billions of dollars on ineffective equipment and programs including airport body scanners that are "easily thwarted." Over 30,800 people have signed a petition to the White House to abolish the TSA. The Obama Administration has promised to formally respond to any petition that receives 25,000 signatures (formerly 5,000). In a lawsuit filed by EPIC, a federal appellate court found that the TSA had violated the law by deploying full-body scanners at airports nationwide without first soliciting public comment. For more information, see EPIC: Whole Body Imaging Technology and Body Scanners.

November 22, 2011

FTC Publishes Performance Report

The Federal Trade Commission has issued the 2011 Performance and Accountability Report. The report summarizes the agency’s accomplishments, shows how the agency has managed its resources, and explains how it plans to address future changes. According to the FTC, during 2011 the agency exceeded its privacy goals by providing 52 comments to foreign consumer protection and privacy agencies, conducting 14 technical assistance missions, and hosting one international consumer protection fellow. The agency’s privacy goals for the coming year include "issu[ing] a final report on protecting consumer privacy," and "examin[ing] malware and spyware threats to mobile devices . . . and malware distributed through social networks." The FTC report made no mention of several pending complaints, including EPIC's 2009 complaint regarding the changes by Facebook to its users' privacy settings. For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Facial Recognition.

Court Rejects Privacy Class Action Deal, Holds that Settlement Distribution Should be Related to Nature of Lawsuit

A federal appeals court rejected a proposed settlement that would terminate a class action lawsuit brought by AOL users. The Court held that the proposed deal was inconsistent with the "cy pres" doctrine, a legal principle that allows courts to allocate funds to groups that protect the class' interests. The Court ruled that cy pres distributions should be based on the nature of the lawsuit, the objectives of the relevant law, and the interests of the class members including their geographic diversity. AOL users sued the company for inserting footers containing promotional messages into users' email messages. The lawsuit alleged violations of several laws, including the Electronic Communications Privacy Act. The parties settled the suit, agreeing to distribute $110,000 to several charities, none of which work to protect internet users' privacy. EPIC previously highlighted the dangers of improper cy pres distributions in Lane v. Facebook and In re: Google Buzz.

FTC Releases Agenda for Facial Recognition Workshop

The Federal Trade Commission has announced the agenda and panelists for a workshop exploring the privacy and security issues raised by the increased use of facial recognition technology. The workshop will be held December 8, 2011 at the FTC Conference Center, and will feature diverse panelists with consumer protection, privacy, business, international, and academic backgrounds. EPIC Senior Counsel John Verdi will speak on the panel "Facial Detection & Recognition: Exploring the Policy Implications." EPIC has a complaint pending before the FTC over Facebook's use of facial recognition technology to build a secret database of users' biometric data and to enable the company to automatically tag users in photos. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.

November 28, 2011

Supreme Court Hears Arguments in Constitutional "Standing" Case

The US Supreme Court heard arguments on Monday in First American Financial Corp. v. Edwards. At issue is whether Congress can pass a law that gives customers the ability to sue companies that engage in illegal kickback schemes for mortgage settlement services, or whether those customers must also show additional injury. A federal appeals court held that the existence of the kickback arrangement violated the Real Estate Settlement Procedures Act of 1974, and was an "injury in fact" for the Constitutional standing requirement. After several Internet firms filed a brief in support of First American Financial, arguing that privacy laws with similar enforcement provisions result in "no injury" claims, EPIC filed a brief in support of respondent and argued that enforcement provisions in federal statutes are the cornerstone of federal privacy law. For more information, see EPIC: First American v. Edwards.

November 29, 2011

Federal Trade Commission to Announce Settlement in EPIC Facebook Privacy Complaint

The Federal Trade Commission has scheduled a 1:00 pm EDT press conference to announce a privacy settlement with Facebook, following a complaint that was filed by EPIC and other consumer and privacy organizations. More news to follow.

Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint

The Federal Trade Commission has announced an agreement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. In 2009, EPIC first asked the FTC to investigate Facebook's decision to change its users' privacy settings in a way that made users' personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook’s business partners. The violations are also detailed in the FTC’s 8-count complaint against the company. The proposed settlement agreement bars Facebook from making future changes to privacy settings without the affirmative consent of users and requires the company to implement a comprehensive privacy protection program and submit to independent privacy audits for 20 years. The settlement does not adopt EPIC's recommendation that Facebook restore users' privacy settings to pre-2009 levels. Facebook CEO Mark Zuckerberg reacted to the settlement in a post on Facebook's blog, saying that he was "first to admit that we've made a bunch of mistakes." For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.

November 30, 2011

EPIC to DHS: Proposed Expansion of "Routine Use" Exception is Unlawful

In comments to the Department of Homeland Security regarding a proposal to expand the Privacy Act "routine use" exemption, EPIC has said that the agency is exceeding its legal authority. The DHS is seeking to disclose information about current and former government employees, including members of the US Secret Service, for the development of "civil, administrative, or background investigation." The information includes names, social security numbers, addresses, and dates of birth. The "routine use" exemption allows federal agencies to disclose personal information in their possession in certain, narrow circumstances, not for open-ended investigations. EPIC stated that the change would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." For more information, see EPIC: the Privacy Act of 1974.

About November 2011

This page contains all entries posted to epic.org in November 2011. They are listed from oldest to newest.