September 2015 Archives

September 4, 2015

New Justice Department Policy Requires Warrants for Cell-Site Simulators

The Justice Department released new guidelines that require the Department's law enforcement components to obtain a warrant before using cell site simulator devices, often referred to as "Stingrays." The policy prohibits officers from using Stingrays to intercept communications, and requires that all non-target data be deleted after use. Documents obtained by EPIC in a Freedom of Information lawsuit revealed the FBI was using the cell-site simulators without a warrant and supplying the technology to other law enforcement agencies. EPIC also filed amicus briefs in U.S. v. Jones and State v. Earls arguing that a warrant is required to obtain location information.

September 8, 2015

Federal Agencies Seek Comment on Protections for Human Research Subjects

The Department of Health and Human Services is seeking public comment on proposed revisions to the "Common Rule," ethical rules regarding biomedical and behavioral research involving human subjects in the United States. The proposal seeks to strengthen requirements for informed consent but would also exempt certain categories of research from administrative review. The Department will accept public comments on the proposed revisions until December 6, 2015. EPIC previously submitted comments to the Department of Health and Human Services, warning that medical privacy standards for deidentification were "gravely inadequate" and urged support for stronger techniques of deidentification. EPIC routinely comments on privacy issues involved in health data.

EPIC Defends Privacy Laws in Supreme Court Brief

In an amicus brief for the Supreme Court, EPIC defended Congress's authority to enact laws that safeguard the privacy of American consumers. EPIC explained that "Congress enacted laws that establish rights for individuals and imposed obligations on the companies that profit from the collection and use of this data." Spokeo v. Robins arises from a data broker's publication of inaccurate, personal information in violation of the Fair Credit Reporting Act. The data broker charged that, in addition to the violation of federal law, Mr. Robins must also show that he was specifically harmed. Citing the current epidemic of privacy risks in the United States, including data breaches, identity theft, and financial fraud, EPIC wrote in the brief that this is "not the time for the Supreme Court to limit the ability of individuals to seek redress for violations of privacy rights set out by Congress." The EPIC amicus brief in Spokeo was endorsed by thirty-one technical experts and legal scholars, members of the EPIC Advisory Board.

September 9, 2015

EU and US Reach Agreement on Data Protection for Investigations

US officials have concluded an agreement with their European counterparts on data protection for transatlantic criminal investigations. The EU Justice Commissioner stated "Once in force, this agreement will guarantee a high level of protection of all personal data when transferred between law enforcement authorities across the Atlantic." The US Congress must next pass the Judicial Redress Act for the "Umbrella Agreement" to take effect. EPIC has previously urged US ratification of Council of Europe Convention 108, "the most widely known international framework for privacy protection."

Congress to Examine Commercial Drones, Privacy and Safety Issues Loom Large

The House Judiciary Committee will hold a hearing on Unmanned Aerial Vehicles: Commercial Applications and Public Policy Implications. The FAA has granted nearly 1,500 exemptions to commercial drone operators even as public safety risks and privacy concerns increase. EPIC has sued the agency for its failure to establish privacy safeguards prior to the deployment of commercial drones in the United States. The lawsuit, EPIC v. FAA, follows an act of Congress requiring the agency to develop a "comprehensive plan" for the safe integration of drones in domestic airspace, and a petition, organized by EPIC and joined by over 100 experts and organizations, calling on the FAA to establish privacy rules. EPIC previously testified in Congress in support of strong privacy legislation.

FTC Approves Final Order With Nomi Over Location Tracking

The FTC has finalized an order with Nomi Technologies resolving allegations that Nomi engaged in deceptive trade practices. Nomi, a company that provides retailers with in-store analytics via sensor-based tracking of customers' mobile devices, falsely promised customers the ability to opt-out at stores using its services. The FTC order prohibits Nomi from misrepresenting its privacy practices in the future. EPIC has pursued several important consumer privacy issues at the FTC leading to settlements, including Google, Snapchat, Facebook and other firms. EPIC currently has a complaint pending at the FTC concerning Uber and locational tracking.

September 10, 2015

EPIC Pursues Public Release of EU-US Agreement on Data Transfers

EPIC has filed an expedited FOIA request to obtain a secret agreement between US and EU law enforcement agencies concerning the transfer of personal data. Citing legislation pending in Congress and NGO concern about the scope of the data protection safeguards, EPIC said "there is an urgency to inform the public" about the contents of the agreement. EPIC has pursued numerous FOIA cases and routinely made the information obtained available to Congress and the public. The agency has 10 days to respond to EPIC's request about the law enforcement "umbrella agreement."

September 12, 2015

European Privacy Supervisor Proposes Ethics Board

The European Data Protection Supervisor will establish a new Ethics Board and has urged exploration of the "ethical dimension in future technologies to retain the value of human dignity and prevent individuals being reduced to mere data subjects." The recommendation follows the EDPS 2015-2019 Action Plan, announced earlier this year. EPIC has previously noted that computer scientists were among the first to establish ethical obligations for the development and use of new information technologies.

September 14, 2015

Government Gets Extension in EPIC Supreme Court Case about Cellphone Shutdown Policy

The US Supreme Court has granted the Solicitor General extra time to respond to EPIC's charges that the government's effort to keep under wraps a controversial cellphone shutdown policy violates the law. EPIC has pursued public release of the government policy since BART subway officials shut down cellphone service during a peaceful protest in 2011. After EPIC prevailed in district court and a judge ordered release of the policy, the government appealed and a federal appeals court reversed. In the Supreme Court petition, EPIC argued that the decision was "contrary to the intent of Congress, this Court's precedent, and this Court's specific guidance on statutory interpretation." The government's response is now due on October 14.

In the States: California Governor Vetoes Drone Privacy Bill

Following lobbying by several tech companies, California Governor Jerry Brown has vetoed a bill that would have prohibited drone trespass over private property. Neighboring Oregon provides a civil action against drone operators who fly lower than 400 feet over private property. EPIC has testified in Congress in support of comprehensive drone privacy legislation, argued before the New Mexico Supreme Court in support of a warrant requirement for low altitude aerial surveillance, and sued the FAA for failing to establish drone privacy safeguards.

September 15, 2015

EPIC Urges Wisconsin to Protect SSNs of Job Seekers

In testimony for the Wisconsin legislature, EPIC urged state lawmakers to protect the privacy of SSNs for job seekers. EPIC expressed support for a bill that prohibits the Department of Workforce Development from requiring SSNs from those who are trying to obtain employment information from the state. EPIC explained that other states do not require SSN collection for job seekers and urged the development of a "context-dependent" identifier. EPIC has previously warned Congress about the link between SSN misuse and identity theft. EPIC's State Policy Project is monitoring privacy bills nationwide.

Congress Moves to Advance Judicial Redress Act as Secret Police Agreement is Leaked in Europe

A Congressional committee will this week consider endorsement of the Judicial Redress Act, after announcement of the just-concluded EU-US "Umbrella Agreement." EPIC filed an expedited FOIA request to obtain the text of the secret agreement. The document has since been made available by Statewatch. EPIC will pursue official release of the Agreement from US and EU authorities to the public. Regarding amendments to the Privacy Act, EPIC has made extensive recommendations for Privacy Act modernization, including specific changes to the damages provision that would correct a Supreme Court holding and address such problems as the OPM data breach.

September 16, 2015

Senate Considers Modest Updates to ECPA

The Senate Judiciary Committee will hold a hearing on proposed amendments to the Electronic Communications Privacy Act. The bill under consideration would establish a warrant requirement for the disclosure of electronic communications. The ECPA Amendments Act would also require notice to customers whose communications have been collected. Senator Leahy said that passage of the bill should be a "no brainer." But the bill stops short of several updates recommended by EPIC, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services.

EPIC Recommends Changes to Judicial Redress Act

In a letter to the House Judiciary Committee, EPIC recommended changes to the Judicial Redress Act to provide meaningful protections for data collected on non-U.S. persons. The bill, also pending in the Senate, seeks to amend the federal Privacy Act. EPIC explained that the legislation under consideration fails to provide adequate protection to permit transborder data flows. EPIC also pointed to increasing public concern in the United States about failure to enforce the law. EPIC has previously recommended Congressional action to ensure adequate protections for all personal information collected by U.S. federal agencies. EPIC is also seeking public release of the text of the EU-US "Umbrella Agreement."

September 17, 2015

Senators Markey and Blumenthal Push Automakers to Protect Drivers from Remote Hacking

Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have sent letters to 18 automakers asking how each company is protecting drivers from remote hacking. Earlier this year, a reporter detailed his experience driving a hacked Jeep. Markey and Blumenthal have also introduced the SPY Car Act to establish cybersecurity and privacy requirements for new passenger vehicles. EPIC has urged the Transportation Department to protect driver privacy. EPIC has written extensively on interconnected devices, including cars, known as the "Internet of Things" and has also said that "cars should not spy on drivers."

New Report Highlights Consumer Goals for EU Privacy Law

BEUC, The European Consumer Organization, has published "My Personal Data", outlining key requirements for negotiations in Europe on the General Data Protection Regulations. BEUC underscored "the urgent need to put consumers back in control over the way their personal data is processed online." The BEUC report emphasized strong data protection principles, enhanced rights for individuals, and a comprehensive enforcement scheme. EU negotiations involve a "trilogue" of the European Parliament, the Council, and the Commission, with the EU Data Supervisor also playing an active role. In the U.S., EPIC supports the Consumer Privacy Bill of Rights and organized a coalition of consumer privacy groups to urge President Obama to enact the privacy framework into law.

September 20, 2015

EPIC Sues Coast Guard, DHS for Information on Boater Tracking Program

EPIC has sued the U.S. Coast Guard and the Department of Homeland Security to obtain information on a federal government program to track and record the location of boaters. According to EPIC, the DHS intends to transfer the data from the Nationwide Automatic Identification System to federal and state agencies, as well as foreign governments. "The NAIS program exceeds the stated purpose of marine safety and constitutes an ongoing risk to the privacy and civil liberties of mariners across the United States," wrote EPIC in the FOIA lawsuit. The boating community has expressed concern over the tracking program. A previous FOIA request from EPIC to the agency went unanswered. Press Release - EPIC v. CG, DHS, No. 15-1527.

September 21, 2015

Survey: 74% of Presidential Candidates' Websites Fail on Privacy

According to an audit of the websites of the 2016 Presidential Candidates, only 6 of the 23 candidates received passing grades for their website privacy policies - Bush, Chafee, Christie, O’Malley, Santorum, and Walker. Four sites had no privacy policy at all, several failed to disclose their data disclosure practices, and several more said they would disclose personal information to others, or even sell the data. EPIC conducted the first privacy web site survey, Surfer Beware: Personal Privacy and the Internet, in 1997. And EPIC promoted non-partisan debate on privacy issues in the 2012, 2010, and 2008 Presidential elections.

Google Ordered to Comply with Ruling of European High Court

The French Data Protection Authority, the "CNIL," has ordered Google to comply with the judgement of the Court of Justice of the European Union concerning the "Right to be Forgotten." The CNIL rejected Google's proposal to remove only a few links to the personal information it publicized widely around the world. The President of the CNIL said the decision "simply requests full observance of European legislation by non European players offering their services in Europe." EPIC has previously explained that the right to privacy is global and that the position of Google, as an operator of search engines around the world, does not make sense.

September 23, 2015

Decision by EU Legal Advisor Signals End of "Safe Harbor"

An opinion by the top advisor for the Court of Justice of the European Union indicates that the "Safe Harbor" arrangement, which permits the transfer of personal data to the US without legal protection, will come to an end. Under Safe Harbor, US companies self-certify compliance with EU data protection law. But the Advocate General has found the arrangement fails to protect privacy and should be declared invalid. Max Schrems, who initiated the case in Ireland, stated "This finding, if confirmed by the court, would be a major step in limiting the legal options for US authorities to conduct mass surveillance on data held by EU companies." The European Digital Rights Initiative also supported the decision. EPIC has recommended that the US update the Privacy Act to protect EU citizens and ratify the international convention for privacy protection.

September 25, 2015

EPIC celebrates International Right to Know Day

On September 28, EPIC celebrates International Right to Know Day and government transparency. EPIC has pursued numerous FOIA cases and routinely made the information obtained available to Congress and the public. EPIC recently filed a FOIA request to obtain the secret US-EU data transfer agreement. For more information, see EPIC Open Government. @EPICprivacy #FOISuccess #IRTKD2015

September 28, 2015

EPIC Expresses Support for Advocate General Opinion in Schrems Case

In a statement issued today, EPIC supported a recent opinion of the Advocate General of the Court of Justice of the European Union which found that the Safe Harbor Arrangement was invalid. Safe Harbor has operated for several years as a substitute for the legal protections that would otherwise be required for the transfer of personal data across national borders. EPIC said that Safe Harbor has "given rise to significant concerns on both sides of the Atlantic about the adequacy of the privacy and security afforded personal information." Earlier today the US Mission issued a statement calling into question the opinion of the Advocate General. The Mission stated that the PRISM program, operating in conjunction with Safe Harbor and involving the mass surveillance of EU citizens, is "duly authorized by law, and strictly complies with a number of publicly disclosed controls and limitations."

News Reports: FTC Investigating Google Anti-Competitive Practices

According to the New York Times and Bloomberg News, the FTC is investigating whether Google unfairly prioritizes its own products on the Android platform. Google bundles several Google products on the Android platform and requires manufacturers to install them directly onto smartphones. DOJ pursued antitrust violations against Microsoft for this type of "tying" or "bundling" practice. EPIC previously urged the Senate and the FTC to investigate Google's business practices because of the privacy implications. EPIC had opposed Google's acquisition of online advertiser Doubleclick, which the FTC approved over the objection of former FTC Commissioner Pamela Harbour, who cited the close ties between monopoly practices and privacy violations.

September 29, 2015

In Court: EPIC Challenges FAA Failure to Establish Drone Privacy Rules

EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration. EPIC charged that the agency’s failure to establish privacy rules for commercial drones is a violation of law and should be overturned. The EPIC lawsuit followed an Act of Congress requiring a “comprehensive plan” for the integration of drones and a petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. EPIC stated that “As the agency has determined not to issue rules, contrary to the FAA Modernization Act and EPIC’s Rulemaking Petition, the Court must now order the agency to do so.” The case is EPIC v. FAA, No. 15-1075. The United States Court of Appeals for the DC Circuit is expected to hear oral argument in the case early next year. Press Release - EPIC v. FAA

EPIC Urges Homeland Security to Uphold the Public's Right to Know

On International Right to Know Day, EPIC submitted comments to the Department of Homeland Security, urging the agency to uphold the Freedom of Information Act. EPIC objected to several of the agency's proposals, including changes to the FOIA that would: (1) prematurely terminate FOIA requests; (2) withhold the names of agencies to which DHS may refer FOIA requests; and (3) increase open government fees for students conducting research. EPIC also supported several changes that will make it easier for the public to obtain information from the DHS. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters.

About September 2015

This page contains all entries posted to epic.org in September 2015. They are listed from oldest to newest.