« December 2013 | Main | February 2014 »

January 2014 Archives

January 26, 2014

"Privacy in the Networked World"

"Privacy in the Networked World"

Alan Butler,
EPIC Appellate Advocacy Counsel

Alaska Telephone Association
Waikoloa, Hawaii
January 26, 2014

January 21, 2014

"Big Data and Security in Europe: Challenges and Opportunities"

Marc Rotenberg,
EPIC President

Research Councils UK
Bibliothéque Solvay
Brussels Belgium
January 21, 2014

January 2, 2014

Snapchat Data Breach Exposes 4.6 Million Usernames

A data breach has exposed the usernames and partial phone numbers of 4.6 million users of Snapchat, a popular photo- and video-sharing app. The breach was accomplished by exploiting a flaw that was previously brought to company's attention by security researchers. Last year, EPIC filed a complaint with the Federal Trade Commission regarding Snapchat's deceptive claim that photos would "disappear forever" after a set period of time. The Federal Trade Commission has thus far failed to take action on the EPIC complaint. For more information, see EPIC: Federal Trade Commission.

January 6, 2014

"Reforming the NSA"

"Reforming the NSA"

Marc Rotenberg,
EPIC President

Diane Rehm Show
Washington, D.C.
January 6, 2014

January 3, 2014

Federal Appeals Court Rules that Legal Policy Memos Can Be Withheld From the Public

The Court of Appeals for the D.C. Circuit has ruled that the FBI may withhold a memo prepared by the Office of Legal Counsel concerning the law governing "exigent letter" requests to telephone companies for call records. The decision affirmed an earlier opinion that the memo was privileged advice, and exempt from disclosure under the Freedom information Act. The Electronic Frontier Foundation argued that the memo was "working law" and not simply advice from government lawyers. However, the Court of Appeals found that the FBI had not itself adopted the advice of government lawyers. In a different case where the Department of State followed the guidance of Justice Department lawyers, EPIC filed a "friend" of the court brief in support of the New York Times and the ACLU and argued for the release of opinions of the Office of Legal Counsel. For more information, see EPIC v. NSA: Cybersecurity Authority and EPIC: New York Times v. DOJ.

January 7, 2014

Department of Defense Proposes Autonomous Drones, Expanded Surveillance Mission

A new Department of Defense report "Unmanned Systems Integrated Roadmap" sets out "a technological vision for the next 25 years" of drone deployment. The DOD report suggests that budgets cuts are increasing the need for autonomous drones with onboard intelligence. One documentary describes the role of the the Department of Defense developing sophisticated surveillance technologies. The new DOD report states that surveillance is one of the primary purposes for pursuing drone technology, particularly for "surveillance missions that involve prolonged observation." An EPIC FOIA request revealed that domestic drones deployed by the Department of Homeland Security can be deployed with the ability to intercept electronic communications and to recognize individuals on the ground. EPIC has recommended privacy safeguards to limit drone surveillance in the United States. For more information, see EPIC: Domestic Unmanned Aerial Vehicles and Drones.

Federal Communications Commission Seeks Public Comment to Protect Phone Record Privacy

The Federal Communications Commission has invited public comments on a petition requesting the FCC to rule that the sale of consumer phone records to the government is a violation of the federal Communications Act. EPIC joined the petition, which was organized by Public Knowledge. In 2013, EPIC urged the FCC to determine whether AT&T violated the Communications Act when it sold private consumer call detail information to the Drug Enforcement Administration and Central Intelligence Agency. In 2013 EPIC also wrote to the FCC to explain that Verizon had likely violated the Communications Act when it disclosed telephone records to the NSA. Public comments on the petition are due January 17, 2014 and reply comments are due February 3, 2014. For more information, see EPIC: CPNI (Customer Proprietary Network Information), and EPIC: Foreign Intelligence Surveillance Act.

January 9, 2014

Senator Leahy Proposes Consumer Privacy Legislation

Senator Leahy has introduced the Personal Data Privacy and Security Act of 2014. The Act would strengthen privacy and data security by establishing a national standard for data breach notification, and requiring companies to create a data privacy and security program to protect and secure sensitive data. The bill follows a massive data breach at Target that compromised the personal data of more than 40 million consumers. Senator Leahy stated that the bill "aims to better protect Americans from the growing threats of data breaches and identity theft" and said there would be a hearing in the Judiciary Committee later this year. In 2012 President Obama set out a framework for consumer privacy protection, the Consumer Privacy Bill of Rights. For more information, see EPIC: Privacy Legislation and EPIC: Identity Theft.

French Data Protection Authority Fines Google for Data Consolidation

The CNIL, the French data protection authority, has fined Google 150,000 Euro (approximately $200,000) for consolidating user data. The decision follows an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services to create detailed profiles on Internet users. In 2012, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's consolidation also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

January 10, 2014

EPIC Settles FOIA Case, Obtains Body Scanner Radiation Fact Sheets

EPIC has received the documents that were the subject of EPIC's Freedom of Information Act appeal to the D.C. Circuit in EPIC v. DHS (Body Scanner FOIA Appeal). The agency had previously withheld test results, fact sheets, and estimates regarding the radiation risks of body scanners used to screen passengers at airports. EPIC challenged the lower court's determination that the factual material was "deliberative" and therefore exempt from the FOIA. After filing an opening brief to the D.C. Circuit, EPIC participated in a new appellate mediation program. As a result of the mediation, EPIC obtained not only the records sought, but also attorneys' fees. The fact sheets show that the agency did not perform a "quantitative analysis" of risks and benefits before implementing the body scanner program. EPIC addressed that concern in the 2011 lawsuit EPIC v. DHS (Suspension of Body Scanner Program). That EPIC case also had a favorable outcome, and ultimately resulted in the removal of backscatter x-ray scanners from US airports. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal and EPIC v. DHS - Suspension of Body Scanner Program.

January 13, 2014

DHS Appeals Ruling in EPIC's "Internet" Kill Switch Case

The Department of Homeland Security has appealed a ruling for EPIC in a Freedom of Information Case involving Standard Operating Procedure 303, a protocol which describes the government's plan for deactivating wireless communications networks. Seeking information about the First Amendment and public safety implications of the protocol, EPIC filed a FOIA lawsuit against the agency. A federal court ruled that the protocol could not be withheld under the FOIA because it was not an investigative technique and DHS had not established that releasing the document would cause harm to any individual. Therefore, the court concluded, the documents EPIC sought should be turned over. The Department of Justice has now appealed that decision to the D.C. Circuit Court of Appeals. For more information, see EPIC: EPIC v. DHS (SOP 303) and EPIC: FOIA.

January 14, 2014

Senator Markey Outlines New Student Privacy Legislation at EPIC Event

At a briefing on Capitol Hill hosted by EPIC, Senator Ed Markey announced plans to introduce legislation protecting student data. Senator Markey set out four principles his bill would cover: (1) student information may never be used to market products to children; (2) parents must have the right to access and amend student information held by private companies; (3) schools and private companies must safeguard student information; and (4) companies must delete student information after it is no longer needed for educational purposes. Senator Markey made the remarks at EPIC event "Failing Grade: Education Records and Student Privacy," which included leading experts in technology, student privacy, and the Chief Privacy Officer at the Department of Education. Last year, Senator Markey sent a letter to the Education Department, requesting information on the "impact of increased collection and distribution of student data" on privacy. The Education Department provided a response, suggesting that when schools outsource to private companies, they should ensure that the companies protect student data. For more information, see EPIC: Student Privacy.

January 15, 2014

Review Group to Senate: NSA Program Has Not Prevented Threats

Members of the President's Review Group presented their recommendations for NSA reform a Senate Judiciary Committee hearing. EPIC participated in the work of the Review Group. The export panel set out 46 recommendations on a range of issues from reforming intelligence surveillance directed at United States persons to promoting prosperity, security, and openness in the networked world. The Members stated the the NSA's bulk collection of metadata had not prevented threats against the United States and recommend that the it be ended. Acknowledging privacy concerns, former CIA Deputy Director Michael Morrell also stated that "there is quite a bit of content in metadata." Last year, EPIC filed a petition in the Supreme Court challenging the legality of the NSA's telephone record collection program. Legal scholars and former members of the Church Committee supported the EPIC petition. The Supreme Court dismissed the petition without ruling on the merits. For more information, see In re EPIC.
"there is quite a bit of content in metadata" - Morrell, former CIA Deputy Director

Supreme Court Lets Stand Fourth Amendment Protections At the Border

This week the Supreme Court declined to review the decision of the Ninth Circuit in United States v. Cotterman, leaving in place expanded Fourth Amendment protections for searches occurring at the U.S. border. In Cotterman, the federal appeals court held that the Fourth Amendment requires a border agent to have reasonable suspicion before using forensic tools to search laptops, cameras, and other digital devices. The court emphasized that the "comprehensive and intrusive nature of the forensic examination" is the key factor in triggering greater Fourth Amendment scrutiny. EPIC has previously argued that advanced traveler screening methods should only be employed subject to privacy protections. For more information, see EPIC: Traveler Privacy, EPIC: Florida v. Jardines, and EPIC: Amicus Curiae briefs.

January 17, 2014

Supreme Court to Rule on Cellphone Privacy

Today the U.S. Supreme Court granted certiorari in Riley v. California and United States v. Wurie, two cases involving the warrantless search of an individual's cell phone incident to arrest. The Court will need to determine whether the Fourth Amendment limits a law enforcement officer from searching through the troves of data that are stored on an individual's cell phone when that individual is arrested. Courts have previously held that officers can search an individual's person and effects when they place them under arrest. But modern cell phones enable access to a wealth of personal data, which is unrelated to the Government’s reason for securing an arrestee. For more information, see EPIC: Riley v. California and EPIC: Amicus Curiae Briefs.

Senate Commerce Committee Considers Rules for Domestic Drones

The Senate Committee on Commerce, Science, and Transportation held a hearing on "the Future of Unmanned Aviation in the U.S. Economy: Safety and Privacy Considerations." Senator Diane Feinstein noted the threat that drones pose to both privacy and safety, and described how a drone once flew outside her home during a demonstration. Later in the hearing, Senator Ed Markey, who held up an AR Parrot Drone during the hearing, has written legislation to safeguard privacy. And Senator Cory Booker said that drones put him "between my Star Trek aspirations and my Terminator fears." The Committee heard testimony from FAA Administrator Michael Huerta. The FAA is responsible for integrating drones into the U.S. domestic airspace by 2015. EPIC had petitioned the FAA to implement privacy rules for drones. The FAA responded to EPIC's petition and has required, as an interim step, each of the six selected test sites for drone deployment to establish a public privacy policy. For more information, see EPIC: Domestic Unmanned Aerial Vehicles and Drones.

January 18, 2014

Obama Announces End of NSA Telephone Record Collection Program

In a widely anticipated speech (video) on reform of the NSA, President Obama announced he would end the NSA telephone record collection program, first requiring a court order for all queries and then ending the NSA massive record request prior to the next renewal. EPIC, legal scholars, the President’s Review Group, and sponsors of the USA FREEDOM Act, including Senator Patrick Leahy and Senator Ron Wyden had urged the President to take this step. The President also said that the Administration would move to implement “a majority of the recommendations” made by the Review Group. The President announced several other reform measures, including a public advocate for the Foreign Intelligence Surveillance Court, new privacy rights for non-US citizens, more transparency for data collection, a narrowed focus on foreign data collection, greater oversight of signals intelligence, a new Privacy Coordinator at the White House, and a new panel to look closely at privacy and “Big Data.” Still, the President may not have gone far enough to address the scope of NSA programs, the privacy rights of those outside the US, and the need to ensure stronger technical safeguards for Internet stability and reliability. The President also did not indicate whether the U.S. would move to ratify the Council of Europe Privacy Convention or seek legislation to enact the Consumer Privacy Bill of Rights. For more information, see White House Fact Sheet

January 21, 2014

Surveillance Seminar

Alan Butler,
EPIC Appelate Advocacy Counsel

Close Up Foundation
Washington, DC
January 21, 2014

January 22, 2014

EPIC Files Appeal, Challenging Secrecy of Presidential Directives

EPIC has filed a Statement of the Issue Presented with the D.C. Circuit Court of Appeals. EPIC is appealing a lower court decision that NSPD 54 -- a Presidential Directive setting out the scope of the NSA's authority over computer networks in the United States -- is not subject to disclosure under the Freedom of Information Act. EPIC sought the Presidential Directive, signed by President Bush in January 2008, from the National Security Agency after the White House disclosed the existence of the Directive but not the substance. After the agency failed to respond to EPIC's FOIA request, EPIC filed an administrative appeal, and then a lawsuit. The lower court ruled in EPIC v. NSA that the Presidential Directive is not subject to the FOIA because it was not under "the control" of the NSA. It was the first time a federal court has ruled that an Presidential Directive is not subject to the Freedom of Information Act. EPIC is now asking the Court of Appeals to determine, "Whether the district court erred in holding that a Presidential Directive in the possession of a federal agency is not an agency record subject to the FOIA." For more information, see EPIC v. NSA: Cybersecurity Authority.

Internet Data Privacy Colloquium, 2014 Governmental Information Collection Session

Khaliah Barnes,
EPIC Administrative Law Counsel

Dialogue on Diversity
Washington, D.C.
January 22, 2014

January 23, 2014

EPIC, Amnesty International Urge President Obama to Support Privacy in Annual State of the Union

EPIC President Marc Rotenberg, Amnesty International Secretary General Salil Shetty, and members of the EPIC Advisory Board have asked President Obama to support privacy and the international privacy convention in the annual State of the Union speech next week. The State of the Union falls this year on January 28, which is also International Privacy Day. EPIC and Amnesty are urging the President to express support for privacy as a fundamental human right and to begin the process of ratification of the international Privacy Convention, supported by more than forty countries around the world. In 2013, many members of the US Congress, including Senator Patrick Leahy, expressed support for International Privacy Day. Members of the EPIC Advisory Board also wrote to then Secretary of State Hillary Clinton about the Privacy Convention, urging US support. For more information, EPIC - Council of Europe Privacy Convention, EPIC - Letter to Secretary Clinton (2010).

White House Announces Review of "Big Data and the Future of Privacy"

Following the President's speech on reform of the intelligence collection programs, White House counselor John Podesta has announced "a comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This is the first major privacy initiative announced by the White House since the release of the Consumer Privacy Bill of Rights in 2012. The undertaking will involve key officials across the federal government, including the President’s Science Advisor and the President's Council of Advisors on Science and Technology. EPIC has participated in several workshops and studies concerning the intersection of privcy and "big data."

Oversight Board Calls for End of NSA Telephone Records Program

Today the Privacy and Civil Liberties Oversight Board called for the end of the section 215 program that allows the NSA to collect the telephone records of all Americans. In a comprehensive report, the Oversight Board unanimously found that "the NSA's Section 215 program has not proven useful in identifying unknown terrorists or terrorist plots" and that "telephone calling records, when collected in bulk and subjected to powerful analytic tools, can reveal highly sensitive personal information." A majority of the board also concluded that Section 215 did not permit the routine collection of all telephone records on all Americans. The report set out 12 recommendations discussing additional privacy safeguards, greater transparency, and improvements to the Foreign Intelligence Surveillance Court. The members of the Oversight Board unanimously supported almost all of the recommendations. EPIC urged the Board last year at a public workshop to (1) find that section 215 does not permit the collection of all telephone records by the NSA; (2) improve reporting of FISA activities; (3) establish new safeguards for transparency and accountability; and (4) reconsider the Constitutional basis of metadata collection in light of the scope of the government's activities and recent Supreme Court opinions. EPIC had earlier petitioned the Supreme Court to find the 215 program unlawful. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. For more information, see EPIC: In re EPIC - NSA Telephone Record Surveillance.

January 22, 2014

2014 CPDP Conference

CPDP Conference 2014

January 27, 2014

EPIC Gives 2014 International Award to European Parliament Member Jan Albrecht

EPIC has given the 2014 International Champion of Freedom Award to European Parliament Member Jan Philipp Albrecht for "modernizing and defending the law of data protection." As a rapporteur for the Committee on Civl Liberties, Justice and Home Affairs, Albrecht has led the effort in the European Parliament to update European privacy law. He is also an outspoken defender of privacy rights and has promoted the investigation of the NSA program of mass surveillance. Albrecht received the award from EPIC at the annual Computers, Privacy, and Data Protection conference in Brussels. Previous award recipients include privacy activist Max Schrems, Canadian Privacy Commissioner Jennifer Stoddart, European Parliamentarian Sophie In't Veld, Australian Jurist Michael Kirby, and Constitutional Law Scholar Stefano Rodotà. The award is given by EPIC annually in recognition of January 28, International Privacy Day.

January 30, 2014

"Assessing the Impact of PPD 28 on NSA Oversight"

Assessing the Impact of PPD 28 on NSA Oversight

Jeramie D. Scott,
EPIC National Security Counsel

Georgetown University’s Center for Security Studies
Washington, D.C.
January 30, 2014

January 29, 2014

"I will reform our surveillance programs," President Obama Tells Nation

Stating that "America must move off a permanent war footing," President Obama announced (video) at the State of the Union that "working with this Congress, I will reform our surveillance programs." (50:30) The President continued, (text) "because the vital work of intelligence community depends on public confidence, here and abroad, that the privacy of ordinary people is not being violated." Citing the need to close the prison in Guantanamo, the President also said "we counter terrorism not just through intelligence and military action but by remaining true to our constitutional ideals and setting an example for the rest of the world." EPIC and other consumer privacy organizations have urged the President to move forward the Consumer Privacy Bill of Rights and to support the International Privacy Convention.

January 28, 2014

"Big Surveillance Demands Big Privacy - Enter Privacy-Protective Surveillance"

Big Surveillance Demands Big Privacy - Enter Privacy-Protective Surveillance

Amie Stepanovich,
Director, EPIC Domestic Surveillance Project

Toronto, Canada
January 28, 2014

About January 2014

This page contains all entries posted to epic.org in January 2014. They are listed from oldest to newest.

December 2013 is the previous archive.

February 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.