« November 2013 | Main | January 2014 »

December 2013 Archives

December 2, 2013

Willis Ware, Tech Innovator, Privacy Pioneer, Dies at 93

Willis Ware, who helped usher in the computer age and provided the foundation for modern privacy law, passed recently at his home in Santa Monica. He was 93. An electronic engineer by training, Ware had worked with John von Neumann at Princeton on the early designs for digital processing. Fascinated by the social impact of computer technology, he turned quickly to the key challenge of privacy protection. In 1973, as the chair of an influential government committee that was wrestling with the increased automation of record keeping, Ware conceived of "Fair Information Practices", the allocation of rights and responsibilities in the collection and use of personal data. The report "Records, Computers and the Rights of Citizens" became the foundation of the Privacy Act of 1974, the most comprehensive privacy law ever enacted in the United States. Ware also served as chairman of the Security and Privacy Board, established by Congress in 1987, that helped loosen controls on the public use of cryptography in the 1990s and made possible the adoption of critical security technologies for the Internet. Ware joined the EPIC Advisory Board not long after the organization was established in 1994, and received the EPIC Lifetime Achievement Award in 2012. For more information, see EPIC: Willis Ware.

FTC Announces 2014 Privacy Workshops

The Federal Trade Commission has announced a series of workshops on emerging consumer privacy issues. The series will "shine a light on new trends in Big Data and their impact on consumer privacy" and includes three topics: the use of mobile devices to track users in real space; predictive scoring algorithms that determine access to products and offers; and consumer-generated health data that falls outside HIPAA. The FTC has invited comments from the public on the proposed topics for the spring workshops. The FTC recently concluded a workshop on the Internet of Things, for which EPIC submitted comments. EPIC has also urged the Commission to enforce its prior consent orders, to incorporate the Consumer Privacy Bill of Rights in privacy settlements, and to respect public comments on proposed settlements. For more information, see EPIC: Federal Trade Commission.

December 5, 2013

"Latest FERPA Updates & Amendments: What Educators Need to Know"

"Latest FERPA Updates & Amendments: What Educators Need to Know"

Khaliah Barnes,
EPIC Administrative Law Counsel

Progressive Business Executive Education Webinar
December 5, 2013

December 6, 2013

"Fordham Center on Law and Information Policy: Workshop on Privacy and Cloud Computing in Public Schools"

"Fordham Center on Law and Information Policy: Workshop on Privacy and Cloud Computing in Public Schools"

Khaliah Barnes,
EPIC Administrative Law Counsel

Microsoft Policy & Innovation Center
Washington, D.C.
December 6, 2013

December 5, 2013

Lights Out for Flashlight App Developer in Privacy Case

The Federal Trade Commission announced a settlement with the developer of a flashlight app for Android mobile devices that deceptively collected and then disclosed consumers' personal information to third parties. "Brightest Flashlight Free" secretly collected location information and unique identifiers from users and then provided that information to third parties, including advertising networks. The developer even even included a dummy privacy setting that had no actual effect. The settlement prohibits the company from misrepresentations and requires it to obtain the affirmative express consent of consumers before using and disclosing personal information. Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said the flashlight app left users "in the dark about how their information was going to be used." EPIC has previously commented on mobile privacy issues before the FTC, emphasizing the importance of the Fair Information Practices. For more information, see EPIC: Federal Trade Commission.

December 6, 2013

White House Proposes New Open Government Plan

The Obama Administration has released a preview of the Open Government National Action Plan, which sets out commitments to improve the public’s access to information and improve government information management. The report covers a wide range of topics, including efforts to improve public participation in government, proposals to modernize management of government records and update the Freedom of Information Act (FOIA), as well as plans to transform the security classification system, increase transparency of foreign intelligence surveillance activities, make privacy compliance information more accessible, and strengthen protections for whistleblowers. Regarding the FOIA, the Administration proposes to establish a FOIA modernization committee, improve training for government employees, and develop a unified online FOIA system. If adopted, the proposed commitments would clarify the records requesting process and make the FOIA more accessible to the public. EPIC joined other open government organizations to advise the Administration on modernizing the FOIA. EPIC also regularly comments on proposed changes to agency FOIA regulations. For more information, see EPIC: Open Government.

Nation Mourns Death of Nelson Mandela, World Leader who Appeared on US "Terrorist" Watch List

Former President of South Africa Nelson Mandela has died. He is revered in the US and around the world for helping to bring about the end of apartheid, for leading his country into a new era, and for championing the cause of human rights. Until 2008, Mr. Mandela, a member of the African National Congress and a winner of the Nobel Peace Prize, also appeared on the US "Terrorist" Watch List. Documents obtained by EPIC under the Freedom of Information Act in 2012 revealed a broad legal standard that allows the US to place someone on the Terrorist Watch List virtually forever. Mr. Mandela's name was taken off the list in 2008 by a formal act of Congress. Approximately 700,000 people are currently tracked by the US Terrorist Screening Center. For more information, see EPIC: FBI Watchlist (National Terrorist Screening Center) and EPIC: Mandela and Privacy.

December 12, 2013

Protecting Human Rights: Are Drones the New Sheriff in Town?

Protecting Human Rights: Are Drones the New Sheriff in Town?

Amie Stepanovich,
Director, EPIC Domestic Surveillance Project

American Bar Association
December 12, 2013

December 9, 2013

EPIC Asks Federal Court to Require Immediate Release of Government Surveillance Reports

EPIC has filed a Freedom of Information Act lawsuit for the reports that detail the NSA's collection of call record information from US telephone companies. Citing the Department of Justice's failure to comply with EPIC original EPIC's FOIA Request and the urgency to inform the public, EPIC has also filed a motion for a preliminary injunction, asking a federal judge to rule within 20 days on EPIC’s legal claims. EPIC is seeking the reports that the Justice Department has routinely prepared for Congress but never made available to the public. The Foreign Intelligence Surveillance Court, relying on these reports, has approved the bulk, suspicionless collection of Internet and e-mail data, which is now widely debated. For more information, see EPIC: EPIC v. DOJ (Pen Register / Trap and Trace).

December 10, 2013

Next Privacy Multistakeholder Process to Focus on Facial Recognition

The National Telecommunications and Information Administration has announced that the next privacy multistakeholder process will focus on "privacy safeguards for the use of facial recognition technology." The process was designed by the Obama Administration to apply the Consumer Privacy Bill of Rights to industry, and recently developed a voluntary code of conduct regarding mobile app transparency. In comments to the agency, EPIC recommended that the CPBR be codified in the form of comprehensive privacy legislation. For more information, see EPIC: NTIA Multistakeholder Process.

Spotlight: FBI Pushes Forward with Massive Biometric Database Despite Privacy Risks

EPIC's Spotlight on Surveillance Project returns to put the spotlight on the Federal Bureau of Investigation's Next Generation Identification program. A billion dollar project to increase the Bureau's ability to collect biometric identifiers on millions of individuals in the United States. The FBI is currently adding facial, iris, and voice identification techniques that will greatly increase the Bureau’s ability to pursue mass surveillance. EPIC is pursuing a Freedom of Information Act lawsuit to learn more about the program. Many of the techniques now being deployed in the US were developed by the US Department of Defense for war zones. EPIC has urged greater Congressional oversight of the program and new privacy safeguards. See EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program.

December 11, 2013

EPIC Supports Petition Urging FCC to Protect Phone Record Privacy

EPIC has joined a petition to the Federal Communications Commission, organized by Public Knowledge, that asks the FCC to rule that the sale of consumer phone records to the government is a violation of the federal Communications Act. Last month, EPIC urged the FCC to determine whether AT&T violated the Communications Act when it sold private consumer call detail information to the Drug Enforcement Administration and Central Intelligence Agency. And in June, following the initial Snowden disclosure, EPIC wrote to the FCC to explain that Verizon had likely violated the Communications Act when it disclosed telephone records to the NSA. EPIC has also long supported the FCC's consumer privacy enforcement authority, filing amicus briefs in significant cases, including US West v. FCC and NCTA v. FCC, to defend the agency’s privacy regulations. For more information, see EPIC: CPNI (Customer Proprietary Network Information), EPIC: Foreign Intelligence Surveillance Act.

December 12, 2013

EPIC Files Privacy Complaint to Protect Student Data

EPIC has filed an extensive complaint with the Federal Trade Commission concerning the business practices of Scholarships.com. The company encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. The company claims that it uses this information to locate scholarships and financial aid. Scholarships.com, however, transfers the data to a business affiliate American Student Marketing, which in turn sells the data for general marketing purposes. EPIC alleges that this is an unfair and deceptive trade practice. EPIC’s complaint also alleges that Scholarships.com’s failure to use reasonable security practices is an unfair trade practices. EPIC has asked the FTC to require the company to change its business practices. Earlier this year, EPIC urged Congress to restore privacy protections for student data following recent changes to the Family Educational Rights and Privacy Act. For more information, see: EPIC: Student Privacy.

December 13, 2013

Presidential Task Force to Recommend Changes at NSA

The Review Group on Intelligence and Communications Technologies, established to recommend surveillance reforms, will send a final report to the President this Sunday. According to one news article, the task force will recommend putting a civilian leader in charge of NSA, separating out the code-breaking "Information Assurance Directorate," and splitting the U.S. Cyber Command off into a separate military unit. The Review Group will also recommend new limits on the NSA’s ability to search telephone call records, proposing that telephone records be stored with a third party rather than the NSA. The group will also recommend safeguards for the data of European citizens, and restrictions on the use of National Security Letters. Earlier this year, EPIC filed a petition with the U.S. Supreme Court, supported by legal scholars and former members of the Church Committee, arguing that the NSA bulk collection program was unlawful. For more information, see EPIC: Foreign Intelligence Surveillance Act, EPIC: Foreign Intelligence Surveillance Act Reform, and EPIC: In re EPIC.

Senate Confirms Judge Wald for Privacy Oversight Board

The Senate confirmed the reappointment of Judge Patricia M. Wald to the Privacy and Civil Liberties Oversight Board. Judge Wald's current term was set to expire next month, but President Obama re-nominated her on March 21, 2013. Last year, EPIC recommended that the Oversight Board, consistent with its mandate, pursue a broad agenda, including (1) suspension of the Fusion Center Program ; (2) limiting closed-circuit television surveillance; (3) eliminating the use of body scanners; (4) establishing privacy regulations for drones; (5) improving Information Sharing Environment (ISE) and Suspicious Activity Reporting (SARS) Standards; and (6) Privacy Act adherence. More recently, EPIC addressed the Board at a workshop on NSA Surveillance. And in response to a public rulemaking, EPIC also provided extensive comments on a proposed rule governing the Board's Freedom of Information Act practices. The Board adopted nearly all of EPIC's recommendations on transparency. For more information, See EPIC: Foreign Intelligence Surveillance Act and EPIC: Open Government.

EPIC Urges Clarification of NSA's Role in Cybersecurity

EPIC has submitted comments on the National Institute of Standards and Technology's cybersecurity policy proposal. Pursuant to an Executive Order, the federal agency is charged with defining a "cybersecurity framework" for the federal government. EPIC reiterated previous comments that emphasized civilian control, adherence to the Fair Information Practices, and compliance with the Privacy Act and Freedom of Information Act. In light of revelations that the National Security Agency's has weakened key security standards, EPIC urged NIST to clarify the NSA's involvement in the development of the federal policy. For more information, see EPIC: Cybersecurity Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).

December 16, 2013

Justice Department Inspector General Warns of Increased Data Collection

The yearend report from the Inspector General at the Department of Justice points to new privacy and civil liberties concerns. The report Top Management and Performance Challenges Facing the Department of Justice - 2013 finds that "technological advances, particularly in the realm of communications technology, have vastly increased the amount of data potentially available to law enforcement agencies , . . ." The report observes that "significant public attention has been paid to programs authorizing the acquisition of national security information, but relatively less has been paid to the storing, handling, and use of that information. " The analysis concludes, "As the Department continues to acquire, store, and use national security information, these issues will arise more and more frequently, and the Department must ensure that civil rights and liberties are not transgressed." Earlier reports from the Inspector General found misuse of National Security Letter authority by the FBI.

Federal Judge Enjoins Telephone Metadata Program, NSA Likely Violated Fourth Amendment

A federal judge today issued an injunction against the NSA telephone record collection program. Judge Leon ruled that the plaintiffs "have a substantial likelihood of showing that their privacy interest outweigh the Governments interest in collecting and analyzing bulk telephony metadata and therefore the NSA's Bulk Metadata program is indeed an unreasonable search under the Fourth Amendment." Judge Leon also stressed that "While Congress has great latitude to create statutory schemes like FISA, it may not hang a cloak of secrecy over the Constitution." This is the first court opinion issued on the controversial surveillance program. EPIC filed a Petition in the U.S. Supreme Court challenging the legality of the the program, shortly after the disclosure earlier this summer. The decision of the district court will be stayed pending an appeal by the government to the DC Circuit Court of Appeals. For more information, see In re EPIC and EPIC: FISC Verizon Order.

December 17, 2013

EPIC Appeals Secrecy of Presidential Cybersecurity Directive

EPIC has filed a notice of appeal with the D.C. Circuit Court of Appeals in EPIC v. NSA. In that case, EPIC sought NSPD 54, a presidential policy directive outlining the scope of the NSA's authority over computer networks in the United States. A federal district court ruled that the directive is not subject to the Freedom of Information Act because it was not under "the control" of the federal agencies and officials who received it. It is the only time a federal court has ruled that presidential directives in the possession of federal agencies are not subject to the FOIA. EPIC is appealing the decision. For more information, see EPIC v. NSA: Cybersecurity Authority

"Privacy" is 2013 Word of the Year

Dictionary.com has named "privacy" the 2013 word of the year. Noting the Snowden disclosures about NSA surveillance, the release of Google Glass, and the changing privacy policies of Internet companies, Dictionary.com wrote "The discussion of privacy - what it is and what it isn’t - embodies the preeminent concerns of 2013." The major privacy events in 2013 are displayed in this Infographic. The site also noted a Time word banishment poll which found that "twerk" is the number #1 most people would like banished. Close behind were "hashtag," "selfie," and "swagger."

December 18, 2013

EPIC's Amie Stepanovich Named as Co-Chair for 2014 Computers, Freedom, and Privacy

The 2014 Computers, Freedom, and Privacy conference will be co-chaired by EPIC's Amie Stepanovich. Stepanovich is the Director of EPIC's Domestic Surveillance Project. She is the third staff member at EPIC to co-chair CFP. The first CFP conference was held in San Francisco in 1991 under the auspices of the Computer Professional for Social Responsibility. CFP was the first conference that brought together the law enforcement and hacker communities, with technical experts, legal scholars, and policy makers to explore the world of "cyberspace." Lorrie Cranor wrote a ten-year report on CFP in 2000. A sister conference Computers, Data Protection, and Privacy takes place in Brussels in January 2014. The 2014 CFP conference will be held in Washington, DC. For more information, see Computers, Freedom, and Privacy.

Senate Report Shines Light on How Data Brokers Operate

A Senate Committee Majority Staff report released today highlights the oft-concealed practices of Data Brokers. The report finds that data brokers lack transparency and collect sensitive personal information, while individuals lack basic rights to know what data is collected or how it is used. The brokers, the report notes, prevent business customers from revealing how data is obtained. The report also exposed how personal information is often used to target the financially vulnerable. Thus far, the data broker industry has largely escaped federal regulation. In 2009, EPIC testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's complaint to the FTC against data broker Choicepoint lead to a $10 million settlement. For more information, see EPIC: ChoicePoint and EPIC: Federal Trade Commission.

December 19, 2013

Expert Panel Calls for End of NSA Bulk Data Collection

The President's Review Group on Intelligence and Communications Technologies has concluded that the NSA’s collection of bulk telephone records should end. In a sweeping report "Liberty and Security in a Changing World," the review panel set out 46 recommendations, which would limit NSA surveillance, expand judicial oversight, create new transparency requirements, update federal privacy laws, and create a new privacy agency. Other recommendations include the application of the Privacy Act of 1974 to both U.S. and non-U.S. persons, support for strong encryption techniques, and the cessation of U.S. practice of stockpiling software vulnerabilities known as "zero day" exploits. Earlier this year, EPIC met with the review group and submitted extensive comments to the panel, specifically urging the end of the bulk record collection program. EPIC had earlier petitioned the Supreme Court to find the program unlawful. For more information, see EPIC: In re EPIC - NSA Telephone Record Surveillance.

Company Adds Encryption to Website After EPIC Files Complaint

Following EPIC's complaint to the Federal Trade Commission about Scholarships.com, the company has improved security on its website. Scholarships.com encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. The company claims that it uses this information to locate scholarships and financial aid. In fact, the company transfers the data to a business affiliate American Student Marketing, which in turn sells the data for general marketing purposes. EPIC's complaint to the FTC alleged that Scholarships.com’s failure to use reasonable security practices is an unfair trade practice. The company has since implemented HTTPS. For more information, see EPIC: Student Privacy.

December 20, 2013

Authors Issue Declaration Against Mass Surveillance

More than 500 leading writers from around the world have endorsed the declaration "A Stand for Democracy in the Digital Age." The Writers against Mass Surveillance stated that "A person under surveillance is no longer free; a society under surveillance is no longer a democracy." The declaration was issued in December 10, 2013, International Human Rights Day. Article 12 of the Universal Declaration of Human Rights establishes privacy as fundamental right. EPIC has urged the United States to ratify Council of Europe Convention 108 — the Privacy Convention. For more information see Public Voice - The Madrid Declaration, EPIC - Council of Europe Privacy Convention.

December 30, 2013

Federal Appeals Court Rules Against Google in Street View Case, Denies Rehearing

The Ninth Circuit Court has denied Google's petition for rehearing en banc in Joffe v. Google, a suit brought by individuals whose private Wi-Fi communications, including passwords and other sensitive information, were intercepted by Google. The appeals court previously found that Wi-Fi "payload" data are not exempt from protection under the Wiretap Act. EPIC filed an amicus brief in the case, arguing that Wi-Fi communications "are not 'broadcast' like traditional radio communications; they are sent from one device to another directly and there is nothing about the typical configuration of a Wi-Fi device to suggest that users expect that their communications between these devices would be 'readily accessible to the general public.'" Google recently reached a $7-million settlement with the attorneys general of 38 states and the District of Columbia over the Street View collection. For more information, see EPIC: Joffe v. Google and EPIC: Investigations of Google Street View.

NY Judge Rules NSA Program Legal, Split Emerges Among Courts

A federal judge in New York has ruled that the NSA's telephone metadata program is legal. The ruling comes less than two weeks after a federal judge in Washington, DC issued an injunction against the telephone record collection program—calling it an "unreasonable search under the Fourth Amendment." The opinions create a split amongst the district courts as to the legality of the NSA's program. Both opinions are expected to be appealed. The President's Review Group recently released its report recommending the end of the NSA's bulk collection of telephony metadata. EPIC filed a Petition in the U.S. Supreme Court challenging the legality of the program, shortly after the disclosure earlier this summer. For more information, see In re EPIC and EPIC: FISC Verizon Order.

About December 2013

This page contains all entries posted to epic.org in December 2013. They are listed from oldest to newest.

November 2013 is the previous archive.

January 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.