« January 2014 | Main | March 2014 »

February 2014 Archives

February 13, 2014

"Civil Liberties Dead Zone: US Border Searches"

"Civil Liberties Dead Zone: US Border Searches"

Marc Rotenberg,
EPIC President

Michael Chertoff,
Former Secretary DHS

Freedom of the Press Committee
National Press Club
Washington, DC
February 13, 2014

February 4, 2014

"The Future of Information Privacy Protection"

"The Future of Information Privacy Protection"

Marc Rotenberg,
EPIC President

Georgetown University Law Center
Washington, D.C.
February 4, 2014

February 6, 2014

"Freedom of Speech and Privacy"

Marc Rotenberg,
EPIC President

Free Speech Dialogues
University of Texas
Austin, TX
February 6, 2014

February 5, 2014

EPIC Launches Privacy Rights Blog

EPIC has launched a new Privacy Rights Blog, where staff members and guests will write longer-form posts about current issues, including student privacy, domestic surveillance technology, the Fourth Amendment, FOIA law, national security oversight, and consumer privacy. These posts will provide the EPIC staff with a new way to engage our readers, and we look forward to addressing important emerging issues. If you have comments or suggestions for future blog topics, please contact us at blog [at] epic [dot] org. For more information, see Privacy Rights Blog @ EPIC.org.

FTC Chair Ramirez Urges Senate to Act on Data Security Legislation

The Senate Judiciary Committee hearing on "Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime" followed a series of major data breaches at Target, Neiman Marcus, and Michaels, which compromised the personal data of tens of millions of consumers. Senator Leahy, who has introduced important data privacy legislation, said "In the digital age, Americans face threats to their privacy and security unlike any time before in our Nation's history." FTC Chair Edith Ramirez expressed strong support for federal data security legislation. (2h18m). In 2012 President Obama set out a framework for consumer privacy protection, the Consumer Privacy Bill of Rights, which is supported by consumer privacy organizations. For more information, see EPIC: Privacy Legislation, EPIC: Identity Theft, and EPIC: Federal Trade Commission.

EPIC Recommends Safeguards For Facial Recognition Technology

In a letter to the Department of Commerce, EPIC called on the agency to develop a facial recognition framework based on the Fair Information Practices ("FIPs"). The National Telecommunications and Information Administration is meeting to address the commercial use of facial recognition, which has seen a backlash. Google banned facial recognition apps and services and Europe required Facebook to discontinue the use of facial recognition for photo tagging. Today Senator Al Franken raised concerns about NameTag. Senator Franken, in a letter to the app developer, called for the delay of the apps release until best practices are established. In comments to the Federal Trade Commission, EPIC previously recommended the suspension of facial recognition technology until adequate safeguards are established. For more information, see EPIC: Face Recognition.

February 7, 2014

New Limits on NSA Telephone Record Program Established, Authority Expires March 28

The Foreign Intelligence Surveillance Court has granted the government’s motion to limit access by the NSA to the bulk telephone records provided by US telephone companies. Under the new rules, the government cannot "query" the telephone metadata until after the court finds that there is a "reasonable, articulable suspicion that the selection term is associated with" a terrorist organization. The new rules also limit query results to telephone numbers within "two hops" of the selector. President Obama announced the new legal requirement during his recent speech on surveillance reform, when he committed to end the NSA’s bulk record collection program. The NSA's authority to force US telephone companies to turn over records on all their customers will expire on March 28th. The President has recommended that the Intelligence Community and the Attorney General propose an alternative to the bulk collection program prior to that deadline. For more information, see EPIC: FISC and EPIC: NSA Verizon Phone Record Monitoring.

February 10, 2014

Homeland Security Revised Traveler Screening Violates Federal Privacy Act

The Transportation Security Administration and Customs and Border Protection, components of the Department of Homeland Security, have announced plans for agency record disclosures without Privacy Act notifications. The agencies Common Operating Picture ("COP") program would permit TSA and CBP to exchange personal information held by the agencies to place travelers on federal watch lists. Although TSA and CBP have proposed new uses for personal data, the agencies have declined to solicit public comments as required by the Privacy Act. Currently, the agencies use the Automated Targeting System to perform "risk assessments." EPIC has called for DHS to suspend "risk-based" passenger profiling and to make public the algorithms that are used to assess travelers. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.

EPIC, Coalition Urge White House to Listen to Public on "Big Data and Privacy"

EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the White House's Office of Science and Technology Policy to accept public comments on the Big Data and The Future of Privacy study now underway. The Office's primary function is to advise the President on scientific and technological issues. The President announced the Big Data review during a recent speech on NSA reform. The petition calls on the Office of Science and Technology Policy to incorporate the concerns and opinions of the public and lays out a number of important questions to consider, including whether current laws are adequate and also whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. For more information, see EPIC: Privacy and Consumer Profiling.

"On the Heels of the Week: Privacy, Fashion, and the Internet"

"On the Heels of the Week: Privacy, Fashion, and the Internet"

Khaliah Barnes,
EPIC Administrative Law Counsel

New York State Bar Association
New York, NY
February 11, 2014

February 11, 2014

EPIC Accepts NSA's Settlement Offer, Receives Attorneys Fees

EPIC has accepted the NSA's offer to settle a Freedom of Information Act case EPIC v. NSA. EPIC sought both National Security Presidential Directive 54, a Presidential Directive setting out the scope of the NSA's authority over computer networks in the United States, as well as documents related to NSPD 54. EPIC received some of the documents as a result of the lawsuit, "substantially prevailing" under the FOIA, and prompting the NSA to make a settlement offer to EPIC. As a consequence, EPIC will receive attorneys fees from the NSA. EPIC is simultaneously appealing the lower court's determination that NSPD-54 is not an "agency record" subject to the FOIA. It was the first time a federal court has ruled that a Presidential Directive is not subject to the Freedom of Information Act. For the appeal, EPIC has already filed a Statement of the Issue, and the parties are waiting for the D.C. Circuit Court of Appeals to set a briefing schedule. For more information, see EPIC v. NSA - Cybersecurity Authority.

Court Denies EPIC Injunction in FOIA Case for Surveillance Reports

A federal judge has denied EPIC's motion for a preliminary injunction that would have required the Department of Justice to complete processing of EPIC's Freedom of Information Act Request for FISA "Pen Register" reports within 20 days. In EPIC v. DOJ, EPIC sought public disclosure of the reports that describe the collection of the bulk Internet metadata from 2004 to 2011. The Justice Department granted EPIC's request for expedited processing in November 2013, but has not yet disclosed any responsive records. After EPIC filed suit and moved for a preliminary injunction, the Justice Department notified EPIC that it intends to complete processing of the reports by February 28, 2014. For more information, see EPIC v. DOJ (FISA Pen Register Reports).

February 12, 2014

Senate Hears from Privacy Oversight Board, NSA "Metadata" Program is Ineffective

At a Senate Judiciary Committee hearing today, members of the Privacy and Civil Liberties Oversight Board discussed their review of the Section 215 program, concerning the collection of telephone records on US telephone customers. The Privacy Civil Liberties Board 238 page report found that the program was not effective and had not prevented any terrorist incidents. Recent reports also indicate that only 30% of phone records are actually collected, calling into question the value of the "metadata" program. Senate Judiciary Chairman Patrick Leahy stated that "the administration has not demonstrated" that the program "is uniquely valuable to justify the massive intrusion upon American's privacy." The President recently announced that the current bulk collection program would end and announced a transition process, requiring judicial approval of queries, prior to the expiration of the current authority on March 28. For more information, see EPIC: NSA Verizon Phone Record Monitoring.

February 13, 2014

Senators Rockefeller and Markey Propose Data Broker Legislation

Senators Rockefeller and Markey have introduced the The Data Broker Accountability and Transparency Act of 2014 (DATA Act). The proposed Act imposes transparency and accountability requirements on data brokers and other companies that profit from the collection and sale of consumer information. Under the DATA Act, consumers would be able to access their personal information, make corrections, and opt out of marketing schemes. The DATA Act would empower the FTC to impose civil penalties on violators, and would prohibit data brokers from collecting consumer data in deceptive ways. In 2009, EPIC testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's complaint to the FTC against data broker Choicepoint lead to a $10 million settlement. For more information, see EPIC: Federal Trade Commission, EPIC: Choicepoint and EPIC: Privacy and Consumer Profiling.

February 20, 2014

DHS Cancels Nationwide License Plate Tracking System

The Department of Homeland Security has cancelled a plan to build a national license plate tracking database. The database would have included the license plate records of car owners across the country, obtained from private companies and law enforcement agencies. The request for bids lacked any consideration of privacy protections. EPIC, through various Freedom of Information Act requests, had obtained extensive documents on the current programs operated by the Customs and Border Protection and the Federal Bureau of Investigation. The documents uncovered by EPIC show that both agencies failed to adequately address the privacy implications of license plate readers. For more information, see EPIC: License Plate Recognition Systems.

Children's Advocacy Group Withdraws from Facebook Settlement

The Campaign for Commercial-Free Childhood has turned down $290,000 from a controversial consumer privacy settlement concerning Facebook's Sponsored Stories. The children's advocacy group said, "We now believe that this settlement is actually worse than no settlement. It harms vulnerable teenagers and their families under the guise of helping them...we cannot benefit from a settlement which we now realize is harmful to children and will impede future efforts to protect minors' privacy on Facebook." The MacArthur Foundation withdrew from the Fraley settlement last year, suggesting the funds be redirected to "other non-profit organizations engaged in the underlying issues." And in a related case, Chief Justice Roberts suggested that the Supreme Court will need to address "fundamental concerns surrounding the use of such remedies in class action litigation." EPIC has worked closely with consumer privacy organizations and federal courts to improve class action settlements, arguing that settlements in consumer privacy cases should improve consumer privacy and that awards should be allocated to organizations aligned with the interests of class members. For more information, see EPIC: Fraley v. Facebook.

Massachusetts Court Upholds Privacy Protection for Location Records

In Commonwealth v. Augustine, the Massachusetts Supreme Judicial Court ruled that an individual has a reasonable expectation of privacy in cell phone location records held by a company. Article 14 of the Massachusetts Constitution, similar to the Fourth Amendment, provides that individuals should be free from "unreasonable searches, and seizures." The court held that obtaining two weeks of phone location records was a search, requiring a warrant. EPIC filed "friend of the court" briefs in Commonwealth v. Connolly, a similar case in Massachusetts concerning warrantless GPS tracking, and State v. Earls, a case in which the New Jersey Supreme Court held that location data is protected under the state constitution. EPIC also filed a brief in In re U.S. Application for Historical Cell Site Data, where an appeals court held that users have no reasonable expectation of privacy in location records under the Fourth Amendment. The Massachusetts Supreme Court considered all three cases. For more information, see EPIC: Location Privacy.

February 21, 2014

DHS Open Government Report Reveals Increased Backlog and Use of Law Enforcement Exemptions

The Department of Homeland Security has released the 2013 Freedom of Information Act Report detailing the agencies attempts to comply with the federal open government law. The FOIA requires each agency to provide the numbers of requests received and processed, the time taken to respond, the outcome of each request, and other statistics. In 2013, the DHS reported a significant increase in its FOIA backlog, which rose from 28,553 unanswered requests in 2012 to 53,598 unanswered requests in 2013. Of the nine exemptions that an agency can invoke to withhold documents, DHS relied most heavily on exemption 7(C) (law enforcement records that if released would constitute an invasion of personal privacy) and 7(E) (law enforcement records that if released would disclose law enforcement techniques or procedures, which is significant because the DHS is not a law enforcement agency. DHS reported granting about 7% of requests for expedited processing. EPIC has prevailed in several FOIA lawsuits against DHS, and has also worked to reform the agency's FOIA processing practices for other requesters. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal, EPIC v. DHS - Social Media Monitoring, and EPIC v. DHS - SOP 303.

EPIC Urges FTC to Strengthen Safe Harbor Settlements

EPIC has submitted comments to the Federal Trade Commission, urging the agency to improve pending settlements in several Safe Harbor enforcement actions. According to the FTC, twelve companies misrepresented compliance with the EU-US privacy arrangement. EPIC recommended that the Commission revise the proposed orders to: (1) require the companies to comply with the Consumer Privacy Bill of Rights; (2) publish the companies' consent order compliance reports as they are submitted; and (3) strengthen the sanctions against a DNA testing firm, whose misrepresentations puts genetic information at risk. EPIC also noted that the Commission's ongoing failure to modify consent orders in response to public comments is "contrary to the interests of American consumers." For more information, see EPIC: EU Data Protection Directive and EPIC: Federal Trade Commission.

EPIC Files Amicus Brief in Facebook Consumer Privacy Case, Urges Rejection of Settlement

EPIC has filed a amicus brief urging a federal appeals court to overturn a controversial consumer privacy settlement. If the Fraley v. Facebook settlement is approved, Facebook will display the images of Facebook users, including young children, for commercial endorsement without consent. Facebook users opposed "Sponsored Stories" and several have formally objected to the settlement, including a children's advocacy organization which said that the "settlement is actually worse than no settlement." The MacArthur Foundation also withdrew stating it should not have been designated to receive funds. EPIC's amicus brief in support of the objectors explains that the settlement is unfair to Facebook users and should be rejected. EPIC also notes that Chief Justice Roberts expressed concerns about a similar privacy settlement involving Facebook. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.

February 24, 2014

EPIC, Coalition Urge President Obama to Advance Privacy Bill of Rights

EPIC along with a coalition of over 40 public interest organizations has urged the President to implement the Consumer Privacy Bill of Rights, a comprehensive framework for privacy protection. The letter comes on the two-year anniversary of the Administration's introduction of the Privacy Bill of Rights, which includes baseline privacy principles, such as individual control and transparency, respect for context and focused collectionm and better access, accuracy, and accountability. The President called the Privacy Bill of Rights a "blueprint for privacy in the information age" and said his Administration "will work to advance these principles and work with Congress to put them into the law." The letter from the organizations states, "We urge you to work with those in Congress who favor the privacy rights of Americans, who support updates to privacy law, and who understand why this issue is so critical to so many Americans. And let those who stand in the way explain to their constituents why they believe that it is not necessary for Congress to do anything further to protect the fundamental rights of Americans." For more information, See EPIC: White House: Consumer Privacy Bill of Rights.

School Privacy Zone Summit: Protecting Student Data from the Classroom to the Cloud

School Privacy Zone Summit: Protecting Student Data from the Classroom to the Cloud

Khaliah Barnes,
Director, EPIC Student Privacy Project

Common Sense Media and the Annenberg Retreat at Sunnylands
Pew D.C. Conference Center
Washington, D.C. February 24, 2014

February 26, 2014

Consumer Privacy, Data Security, and Cyber Liability

"Consumer Privacy, Data Security, and Cyber Liability"

David Husband,
EPIC National Security Appellate Advocacy Fellow

Washington D.C. Bar Association
Washington, D.C.
February 26, 2014

February 24, 2014

White House and MIT to Host Conference on Big Data and Privacy

On March 3, 2014, the White House and MIT will cohost "Big Data Privacy: Advancing the State of the Art in Technology and Practice." The conference is part of the White House's Big Data and the Future of Privacy initiative and will feature keynotes from Counselor to the President John Podesta and Secretary of Commerce Penny Pritzker. Scholars, privacy advocates, government representatives and private sector leaders will explore the opportunities and challenges of big data and examine the use of Privacy Enhancing Techniques. President Obama has called for a "comprehensive review of big data and the future of privacy." In response, EPIC and a coalition of consumer and scientific organizations outlined key questions for the White House to explore, and also asked the Office of Science and Technology Policy to encourage public participation. For more information see EPIC: Big Data and the Future of Privacy, EPIC: Privacy and Consumer Profiling, and EPIC: Privacy Tools.

February 26, 2014

Supreme Court Allows Warrantless Search of Home

In a case that narrows the warrant requirement for searches of homes, the Supreme Court upheld the warrantless search of a suspect's home by the LAPD after the person objected. In Fernandez v. California, the officers returned to the apartment of the resident after he had been arrested, and obtained consent from a roommate to conduct a search. Justice Alito, writing for the 6-3 majority, found that the roommate's consent was sufficient once the defendant was no longer present. Justice Ginsburg, writing in a dissent joined by Justices Sotomayor and Kagan, argued that the decision "tells the police they may dodge" the warrant requirement and is contrary to a prior a decision of the Court. In Georgia v. Randolph, the Supreme Court previously ruled that when one occupant refuses to consent to a search, the other's consent is not sufficient to permit a search. EPIC has previously filed amicus briefs in a number of important Supreme Court Fourth Amendment cases. For more information, see EPIC: United States v. Jones, EPIC: Maryland v. King, EPIC: Amicus Curiae Briefs.

February 27, 2014

"Cloud Computing and the Law"

"Cloud Computing and the Law"

Marc Rotenberg,
EPIC Executive Director

Ottawa Law Review
University of Ottawa
Ottawa, Canada
27 February 2014

February 28, 2014

EPIC Files FOIA Lawsuit for Information About Massive Telco Database "Hemisphere"

EPIC has filed a Freedom of Information Act lawsuit for records about "Hemisphere," a massive telephone record collection program operated by the Drug Enforcement Agency in cooperation with AT&T. Under the program, law enforcement agencies access billions of detailed customer phone records, including location data, dating back to 1987 in routine criminal matters unrelated to national security. EPIC filed the complaint after the federal agency failed to respond to EPIC's FOIA request for information about the operation and legal authority for the program. EPIC has previously challenged the NSA's bulk collection of telephone records in a petition to the US Supreme Court. For more information, see EPIC: In re EPIC (NSA Telephone Record Surveillance), EPIC: Hemisphere and EPIC v. DEA (Hemisphere FOIA).

House Passes FOIA Reform Bill

The House of Representatives has passed the FOIA Oversight and Implementation Act of 2014. The bill would strengthen the Office of Government Information Services, require agencies to update their FOIA regulations, and mandate the use of a single, free website for submitting FOIA requests and appeals and receiving information about the status of the FOIA request. The bill would also require that agencies seeking to withhold information under one of the FOIA's exemptions demonstrate that there would be a "specific identifiable harm," tied to the purpose of the exemption, if disclosure occurred. The bill does not address several key transparency community proposals, including recommendations to limit the use of exemptions and to make it easier to track legislative proposals for new FOIA exemptions. The Senate is currently considering a similar bill. For more information see: EPIC: Open Government.

About February 2014

This page contains all entries posted to epic.org in February 2014. They are listed from oldest to newest.

January 2014 is the previous archive.

March 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.