« July 2015 | Main | September 2015 »

August 2015 Archives

August 3, 2015

State Department and Homeland Security Propose Open Government Rules

The State Department and the Department of Homeland Security have each proposed to amend their Freedom of Information Act programs. Both agencies propose several favorable changes to their FOIA programs, including more circumstances in which the agencies would expedite processing for open government requests. The agencies are currently accepting public comments on their proposals until September 28. EPIC recently submitted extensive comments to the Defense Department, opposing several of the agency's plans to amend its FOIA program. EPIC routinely comments on FOIA rulemakings and has had past success with the Justice Department, Federal Trade Commission, and several other federal agencies.

GAO Report: Facial Recognition Technology Implicates Consumer Privacy, But Remains Unregulated

The Government Accountability Office has published a report on commercial use of facial recognition technology. The GAO compiled the report at the request of Senator Al Franken, who objected to use of the technology by Facebook and Google. The GAO surveyed companies, federal agencies, and NGOS, including EPIC. The report explains the technology's privacy risks, but also reports that no laws or guidelines currently regulate facial recognition technology. The GAO also reports that the "extent of [the technology's] current use in commercial settings is not fully known." EPIC has frequently advocated for face recognition privacy laws.

August 4, 2015

EPIC, Coalition Urge FCC to End Call Record Data Retention

EPIC and a coalition of leading consumer rights, human rights, and civil liberties organizations, along with members of the EPIC Advisory Board, have petitioned the Federal Communications Commission to end the FCC's rule requiring mass retention of phone records. Currently, the FCC requires phone companies to retain sensitive information on all customers, including name, address, telephone number, telephone number dialed, date, time, and length of the call for 18 months. The petition states that the FCC's mandate "violates the fundamental right to privacy, exposes consumers to data breaches, stifles innovation, and reduces competition. It is outdated and ineffective. It should end."

Federal Court Finds Fourth Amendment Protects Cell Phone Location Data

A federal court in California ruled that police must get a warrant before obtaining a user's location records. The court found individuals have a "reasonable expectation of privacy" in their cell phone location data, based on the Supreme Court's recent decisions in United States v. Jones and Riley v. California. These records, the court found, can be even "more invasive" than the "GPS device attached to the defendant's car in Jones." EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit Court of Appeals arguing that the Fourth Amendment protects an individual's locational privacy.

August 5, 2015

Coalition Successfully Blocks Restrictive FOIA Exemptions

After receiving opposition from open government advocates and support from Senators Patrick Leahy, John Cornyn, and Charles Grassley, the Senate has removed "b(3)" Freedom of Information Act exemptions from the Senate's transportation bill. The exemptions would exclude public access to important information about safety audits, trucking company safety scores, accident footage, and records related to hazardous train service. The final bill passed the Senate 65 to 34 without the controversial language, which Senator Leahy called "bad FOIA provisions" that should have been first reviewed by the Judiciary Committee. EPIC previously set out recommendations for FOIA reform.

Federal Court: DHS Failed to Justify Withholdings in Defense Contractor Monitoring FOIA Case

In EPIC v. DHS, a federal district court ruled that the Department of Homeland Security failed to justify withholding documents subject to the Freedom of Information Act. EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors. The court concluded that the agency's argument relied on "a weak assumption," but will allow the agency to submit a revised justification for withholding the records. EPIC previously won a five-year legal battle to release NSPD-54, the foundational legal document for U.S. cybersecurity policies.

EPIC Warns Boston City Council of Risks of Body Cameras

EPIC submitted a statement for the record today for the Boston City Council hearing on mandating body cameras for the Boston Police. EPIC opposes the use of "police cams" and warned the city council that body cameras could "become the next surveillance technology disproportionately aimed at the most marginalized members of society." EPIC also pointed to the potential liability for cities if harmful images are posted online. EPIC explained that there are "more productive means to achieve police accountability that do not carry the risk of increasing surveillance." EPIC stressed that if body cameras are deployed, police departments must comply with all privacy and open government laws.

Facebook Applies for Patent to Collect Users' Credit Scores

Facebook has applied for a patent that would allow lenders to make credit decisions on a user based on the user's Facebook activity. If the patent is approved, Facebook will be able to collect the credit scores of a user's "friends" and supply a creditor with their average score. If that average is below a certain threshold, the lender will reject the application. EPIC has filed extensive comments with the Consumer Financial Protection Bureau, urging the agency to limit the amount of information creditors can access about consumers. EPIC has called for algorithmic transparency in automated decisions concerning individuals.

August 6, 2015

Federal Court Strikes Down Texas Voter ID Law

The U.S. Court of Appeals for the Fifth Circuit has ruled that the strict Texas Voter ID requirement is unlawful because it would disproportionately burden minority voters, in violation of the Voting Rights Act. EPIC has previously raised similar arguments about voter privacy in its amicus brief in the Supreme Court case Crawford v. Marion County Election Board. EPIC argued in Crawford that "Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state's voter ID system is imperfect, and relies on a flawed federal identification system." EPIC also presented a statement to the House Judiciary Committee in 2007 highlighting the importance of the secret ballot.

Appeals Court Upholds Fourth Amendment Protection of Location Data

The U.S. Court of Appeals for the Fourth Circuit ruled that the Fourth Amendment protects a cell phone user's location records and that officers must get a warrant to inspect them. The Fourth Circuit is the first federal appeals court to hold that the Fourth Amendment warrant requirement applies to location data following the decision by the Eleventh Circuit earlier this year permitting warrantless searches. The Supreme Court will likely review one of these two cases to resolve the split between federal appeals courts. EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit arguing that the Fourth Amendment protects an individual's location privacy.

August 10, 2015

In the States: Delaware Enacts Several Privacy Laws

Delaware has recently passed four privacy laws. Under the Delaware Online Privacy and Protection Act, websites and apps must disclose the personally identifiable information they collect and how they use this information. The Student Data Privacy Protection Act enhances student privacy protections, banning companies from selling student data or using student data for targeted advertising. The Victim Online Privacy Act protects domestic violence survivors against having certain contact information posted online. The Employee/Applicant Protection for Social Media Act bars employers from demanding access to their employees' or prospective employees' social media accounts. EPIC's State Policy Project is monitoring privacy bills nationwide.

August 11, 2015

EPIC Pursues Lawsuit about Secret Government Profiling Program

EPIC has filed a reply brief in federal court, rebutting the government's claim that it can withhold information about automated profiling. In EPIC v. CBP, a Freedom of Information Act case, EPIC seeks documents about the "Analytical Framework for Intelligence," which incorporates personal information from government agencies, commercial data brokers, and the Internet. The agency then uses secret, analytic tools to assign "risk assessments" to travelers, including U.S. citizens traveling solely within the United States. EPIC submitted a FOIA request in 2014 for documents relating the framework. EPIC has called for "algorithmic transparency" in automated decisions concerning individuals.

EPIC Petitions Supreme Court, Seeks Release of Cellphone Shutdown Policy

EPIC has filed a petition to the U.S. Supreme Court in a long-running battle to obtain a secret government cellphone shutdown policy. EPIC has pursued the Department of Homeland Security policy since BART officials shut down cell phone service during a peaceful protest in 2011.. The demonstrators were protesting the police's killing of an unarmed homeless man. The appellate court's decision, wrote EPIC, "is contrary to the intent of Congress, this Court's precedent, and this Court's specific guidance on statutory interpretation." A federal judge previously ruled in EPIC's favor.

August 13, 2015

EPIC Challenge to FAA Failure to Establish Privacy Safeguards Moves Forward

The federal appeals court in Washington, DC has ordered briefing in EPIC's lawsuit against the Federal Aviation Administration. EPIC filed suit in March after the FAA failed to establish privacy rules for commercial drones as mandated by Congress. The EPIC lawsuit followed an earlier petition to the agency backed by more than a hundred organizations and privacy experts. The FAA had asked the D.C. Circuit to dismiss EPIC's lawsuit. But in today's order, the appellate court directed the parties to prepare merits briefing for a three-judge panel which will consider the case.

August 14, 2015

Without Public Comment, FTC Narrows Section 5 Authority

The Federal Trade Commission has issued a "Statement of Principles Regarding Enforcement of FTC Act as a Competition Statute." The Principles appear to narrow the ability of the Commission to pursue unfair business practices and were announced without any formal opportunity for public comment. Chairwoman Ramirez said that the Statement makes "time-honored principles explicit; it does not signal any change of course in our enforcement practices and priorities." Commissioner Olhausen dissented and noted the lack of opportunity for public comment. EPIC and others have urged the FTC to use Section 5 authority to address growing concerns about industry consolidation and privacy protection. EPIC has also noted the failure of the FTC to incorporate public comments in its proceedings, as required by law.

August 20, 2015

Education Department Seeks Public Comment on Student Privacy Guidance

The Education Department is seeking public comment on new guidance to protect student medical privacy. Currently, college officials may disclose confidential student medical records for purpose unrelated to treatment, including to university attorneys engaged in litigation against students. The Department’s proposal would require colleges to obtain student written consent or a court order prior to disclosure. The Department will accept public comments on the proposed guidance until October 2, 2015. EPIC previously sued the Education Department for weakening federal student privacy rules. EPIC also proposed the Student Privacy Bill of Rights, an enforceable student privacy and data protection framework.

Federal Appeals Court Revives Driver Privacy Claims

In McDonough v. Anoka County, a federal appeals court has revived several cases under the Driver's Privacy Protection Act. A lower court previously ruled that the plaintiffs, including female journalists, failed to bring the claims in time. EPIC argued as amicus that "discovery" not "occurrence" is the correct standard for time limitations in privacy cases. Although the appellate court affirmed that some claims were time barred, it permitted many of the claims to proceed. The defendants' justifications for accessing the plaintiffs' driving records, wrote the court, "are not sufficiently convincing to undermine the reasonable inference of impermissible purpose." The appellate court also acknowledged that "[EPIC] raises legitimate concerns about the ability of identity thieves to utilize sensitive personal information found in motor vehicle records and the difficulty in detecting such a crime within the applicable limitations period."

August 21, 2015

Professor Latanya Sweeney Launches New Privacy and Technology Journal

Harvard Professor Dr. Latanya Sweeney has launched Technology Science, a new online journal for "original material dealing primarily with a social, political, personal, or organizational benefit or adverse consequence of technology." Among other papers, Technology Science currently features research on Facebook Messenger's geolocation collection and disclosure, medical privacy, and price discrimination in international travel. EPIC has worked extensively to promote locational privacy, medical privacy, and fair and transparent decision-making. Professor Sweeney serves as a member of the EPIC Advisory Board.

August 24, 2015

Appeals Court Upholds FTC's Data Security Authority

A federal appeals court ruled that the Federal Trade Commission can enforce data security standards. In FTC v. Wyndham, the agency sued Wyndham hotels after the company exposed financial data of hundreds of thousands of customers. The company argued that the FTC lacked authority to enforce security standards, but the court disagreed. EPIC filed an amicus brief, joined by leading technical experts and legal scholars, defending the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards." EPIC explained that data breaches, which have caused more than $500 million in damages last year alone, are one of the top concerns of American consumers.

August 28, 2015

Following EPIC Complaint, FOIA Ombudsman Announces Investigation of Practices at DHS

The federal FOIA ombudsman has informed EPIC that it is investigating the FOIA practices of six DHS component agencies. In 2014, EPIC and a dozen open government organizations urged the Office of Government Information Services to investigate the impermissible closures of FOIA requests. Through "still interested" letters, some federal agencies notify FOIA requesters that unprocessed requests will be closed by the agency if there is no further communication. EPIC and the open government groups object to the practice and reminded OGIS that "no provision in the [FOIA] allows for administrative closures." An earlier EPIC letter to OGIS led to a reduction of fee payments for FOIA requesters.

August 29, 2015

D.C. Circuit Reverses Important NSA Surveillance Ruling, Sends the Case Back to Lower Court

A divided panel of the D.C. Circuit has reversed a lower court decision that the NSA bulk metadata collection program violated the Fourth Amendment. The judges in Klayman v. Obama agreed that the plaintiff did not have sufficient evidence that his telephone records were collected. But the majority of the panel agreed that the plaintiff should be allowed to conduct "discovery" to prove standing, and remanded the case to the lower court. In 2013, EPIC filed a petition in the Supreme Court, In re EPIC, arguing that the NSA program was unlawful. In 2014, EPIC and a broad coalition urged the President to end the NSA surveillance program.

About August 2015

This page contains all entries posted to epic.org in August 2015. They are listed from oldest to newest.

July 2015 is the previous archive.

September 2015 is the next archive.

Many more can be found on the main index page or by looking through the archives.