October 2015 Archives

October 2, 2015

FAA Misses Deadline on Drones Regs, Also Ignores Privacy

The FAA has failed to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.

Senators Push DHS to Enact Cell Phone Monitoring Policy

Senator Chuck Grassley and Senator Patrick Leahy have asked DHS Secretary Jeh Johnson to enact a policy on cell phone surveillance devices, known as "Stingrays." The Department of Justice recently adopted new guidelines on Stingray use that require agents to obtain a search warrant before employing Stingrays. The DOJ policy also prohibits officers from using Stingrays to intercept communications, and requires that all non-target data be deleted after use. Documents obtained by EPIC in a FOIA lawsuit revealed the FBI was using the cell-site simulators without a warrant. EPIC also filed amicus briefs in U.S. v. Jones and State v. Earls, arguing that a warrant is required to obtain location information from cell phone subscribers.

October 5, 2015

Solicitor General to Support Consumers in Supreme Court Privacy Case

The Solicitor General will argue in support of consumer privacy in Spokeo v. Robins, a critical case now before the US Supreme Court about the future of federal privacy law. EPIC, and leading technical experts and legal scholars, also filed a brief in support of consumer privacy laws, highlighting the rise of data breaches and identity theft. EPIC urged the Court not to "limit the ability of individuals to seek redress for violations of privacy rights set out by Congress." The Court will hear arguments in Spokeo on November 2, 2015.

October 6, 2015

European Court Strikes Down "Safe Harbor," Focus Shifts to Adequacy of US Privacy Laws

In a stunning decision, the European Court of Justice today ruled that the transatlantic "Safe Harbor" data pact is invalid. Consumer organizations and civil liberties groups in Europe and the United States applauded the outcome. Safe Harbor had been widely criticized for failing to provide adequate data protection for users of Internet-based services. The European Parliament earlier recommended against renewal of Safe Harbor. Max Schrems, the Austrian law student who brought the case, praised the judgement and said the "solution will very likely require severe changes in US law" not "just an update to the current 'safe harbor' system." @maxschrems @EUCourtPress

EPIC Testifies Before Senate on Risks of SSN on Medicare Cards

EPIC will testify before the Senate Committee on Aging about "Protecting Seniors from Identity Theft: Is the Federal Government Doing Enough?" A law enacted earlier this year prohibits the inclusion of SSNs on Medicare cards, but the federal agency tasked with implementing the change has said it will take years. In a prepared statement, EPIC President Marc Rotenberg warns about the growing risk of SSN-related identity theft. Mr. Rotenberg said, "Given the growing risk of identity theft coupled to the SSN and the fact that other federal agencies have already removed the SSN from identity cards, there is simply no excuse for further delay." EPIC has long urged Congress and state legislators not to use the SSN on identity documents.

October 9, 2015

Congress Holds Hearing on Drone Safety After FAA Misses Deadline on Drone Regs

The House Subcommittee on Aviation held a hearing on drone safety after the FAA's failure to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. Chairman LoBiondo (R-NJ) said at the hearing, "The real possibility of a mid-air collision must be taken seriously in order to prevent tragic consequences." EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.

OECD Finalizes Risk Management Guidelines

The OECD has published the new Recommendation on Digital Security Risk Management, a revision of the 2002 OECD Security Guidelines. Science, Technology and Innovation Director Andrew Wyckoff said that "a totally secure digital environment is impossible". EPIC supports the Recommendations, which emphasize digital security risk management "in a transparent manner and consistently with human rights and fundamental values." EPIC has long been engaged with the work of OECD and supports civil society participation at the 2016 OECD Ministerial Meeting on the Digital Economy.

California Enacts Innovative Privacy Protections for Drones and SmartTVs

California Governor Jerry Brown has signed laws that provide California residents with privacy protections against drones and SmartTVs. AB856 prohibits drone flight in the airspace above private property with the intent of taking photos, video, or a sound recording of a person. AB1116 prohibits the use of voice recognition on SmartTVs unless consumers are "prominently inform[ed]" during the initial setup of the TV. The new California law also prohibits the use of voice recording for advertising purposes. Earlier this year, EPIC filed a complaint to the Federal Trade Commission about Samsung's SmartTVs and recommended new consumer safeguards. EPIC has also recommended drone privacy safeguards to the US Congress, the FAA, and State courts.

California Rejects Warrantless Surveillance, Enacts "CalECPA"

California Governor Jerry Brown has signed the California Electronic Communications Privacy Act (CalECPA). CalECPA requires law enforcement to obtain a warrant before accessing digital data including metadata, location data, emails, and text messages. The warrant requirement applies to searches of electronic devices themselves and to content stored by an online service provider. In response to requests from the US Congress, EPIC has made several recommendations regarding updates to the federal ECPA. EPIC has also obtained documents from the FBI concerning Stingray surveillance technology, which is now prohibited under the California bill.

October 11, 2015

Obama Drops Plan to Regulate Crypto

According to the New York Times, President Obama has concluded that "it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit." Earlier this year Apple CEO Tim Cook said at the EPIC Champions of Freedom dinner, "Criminals are using every technology tool at their disposal to hack into people's accounts. If they know there's a key hidden somewhere, they won't stop until they find it." EPIC launched the public campaign for the freedom to use encryption in 1994 and several of the world's leading cryptographers are members of the EPIC Advisory Board. Tim Cook received the 2015 EPIC Champion of Freedom Award. Past recipients include Max Schrems and Edward Snowden.

October 12, 2015

Government Gets Second Extension in EPIC Supreme Court Case about Cellphone Shutdown Policy

The US Supreme Court has granted the Solicitor General more time to respond to EPIC's charges that the government's effort to keep under wraps a controversial cellphone shutdown policy violates the law. EPIC has pursued public release of the government policy since BART subway officials shut down cellphone service during a peaceful protest in 2011. After EPIC prevailed in district court and a judge ordered release of the policy, the government appealed and a federal appeals court reversed. In the Supreme Court petition, EPIC argued that the appeals court's ruling was "contrary to the intent of Congress, this Court's precedent, and this Court's specific guidance on statutory interpretation." The government's response is now due on November 13.

October 14, 2015

EPIC Pursues Public Release of Secret DNA Forensic Source Code

EPIC has filed public records requests in six states to obtain the source code of "TrueAllele," a software product used in DNA forensic analysis. According to recent news reports, law enforcement officials use TrueAllele test results to establish guilt, but individuals accused of crimes are denied access to the source code that produces the results. A similar program used by New Zealand prosecutors was recently found to have a coding error that provided incorrect results in 60 cases, including a high-profile murder case. EPIC has previously urged the US Supreme Court to carefully consider the reliability of new investigative techniques and argued a federal appeals case against DNA dragnet surveillance. Citing the importance of algorithmic transparency in the criminal justice system, EPIC filed requests in California, Louisiana, New York, Ohio, Pennsylvania, and Virginia.

October 17, 2015

European Data Protection Authorities Conclude Data Transfers under Safe Harbor Now Unlawful

Following the landmark ruling that invalidated the Safe Harbor data transfer arrangement, the Article 29 Working Party, composed of privacy officials across Europe, issued a preliminary statement. They called for solutions "enabling data transfers to the territory of the United States that respect fundamental rights." They concluded that "transfers that are still taking place under the Safe Harbour decision after the CJEU judgment are unlawful." Also, Standard Contractual Clauses and Binding Corporate Rules will not provide an adequate basis. EPIC, US and European consumer organizations have urged lawmakers in the United States to update US privacy law.

October 19, 2015

New Mexico Supreme Court Finds Warrantless Aerial Surveillance Violates Fourth Amendment

The Supreme Court of New Mexico ruled in State v. Davis that the Fourth Amendment prohibits the warrantless aerial surveillance of, and interference with, a person's private property. Specifically, the court found that "prolonged hovering close enough to the ground to cause interference with Davis' property transformed this surveillance from a lawful observation of an area left open to public view to an unconstitutional intrusion into Davis' expectation of privacy." EPIC filed a friend of the court brief and presented oral argument before the Court. EPIC said that aerial surveillance threatens privacy and property interests and that surveillance in the airspace close to a home violates the Fourth Amendment. The New Mexico Supreme Court agreed. EPIC frequently files amicus briefs on emerging privacy and civil liberties issues.

October 20, 2015

FAA To Establish Drone Registration Database, Privacy Safeguards Still Needed

The Department of Transportation and FAA announced that drone operators will be required to register with a national drone registration database. A task force will develop recommendations for the registration process by November 20. The registration requirement is aimed at protecting public safety and promoting accountability, but creates new privacy risks. EPIC sued the FAA to develop privacy regulations for commercial drones. In EPIC v. FAA, EPIC recently argued that the agency's failure to establish privacy rules for commercial drones is a violation of law and should be overturned.

Case Against Facebook Moves Forward in Ireland

Following the ruling that invalidated the Safe Harbor arrangement, the Irish High Court has declared that the Irish Data Protection Commissioner is "obliged to investigate" Max Schrems' complaint and must follow "fair procedures under Irish and EU law." The Commissioner pledged a "quick and swift procedure." Facebook's last minute motion to join the procedure was denied. "The Schrems case underscores the need for the U.S. to strengthen its right to privacy," EPIC's Marc Rotenberg told the Washington Post.

October 21, 2015

House to Consider Bill on Vehicle Data Privacy and Cybersecurity

The House Energy and Commerce Committee will hold a hearing to consider draft legislation concerning vehicle data privacy and cybersecurity. The bill would require vehicle manufacturers to establish privacy policies and would prohibit vehicle data hacking. However, the bill provides only limited enforcement of the privacy and cybersecurity provisions. EPIC has previously recommended safeguards for vehicle event data recorders (EDRs) and urged the Transportation Department to protect driver privacy. EPIC has written on the privacy and security implications of the "Internet of Things," which includes cars.

House Passes Faux Privacy Bill

The House of Representatives has passed the Judicial Redress Act of 2015, which—contrary to its stated purpose—fails to extend Privacy Act protections to non-U.S. citizens. In a letter to Congress, EPIC explained that the bill does not provide adequate protection to permit transborder data flows and recommended changes to ensure protections for all personal information collected by U.S. federal agencies. Congress moved to advance the bill after announcement of the recently concluded but secret EU-US "Umbrella Agreement". EPIC submitted a Freedom of Information request for the Umbrella agreement, and recently filed an administrative appeal challenging the agency's denial of expedited processing.

House Committee to Examine Cell Phone Surveillance

The House Subcommittee on Information Technology will examine law enforcement use of "Stingrays," a technique for tracking cell phone users. The Department of Justice adopted guidelines that require a warrant before using Stingray devices to track the location of mobile devices. Senators Grassley and Leahy recently asked DHS Secretary Jeh Johnson to adopt a similar policy for DHS. California passed a law requiring a warrant for a Stingray. Documents obtained by EPIC in a FOIA lawsuit revealed the FBI was using the cell-site simulators without a warrant. EPIC also filed amicus briefs in U.S. v. Jones and State v. Earls, arguing that a warrant is required to obtain location information from cell phone subscribers.

October 23, 2015

After FOI Request, EPIC Obtains Secret "Umbrella Agreement" from the EU Commission

The EU Commission, in response to a freedom of information request, has released to EPIC the text of the EU-US data transfer agreement. US and EU officials finalized the so-called "Umbrella Agreement" in September, but had kept the final document secret. EPIC has filed multiple FOIA requests with US federal agencies and the European Commission to obtain public release of the document. The Agreement, alongside the Judicial Redress Act, is a key document in the aftermath of the European court decision striking down the Safe Harbor arrangement. Legal scholars who have reviewed the agreement have concluded it is deeply flawed. EPIC continues to pursue the public release of the Agreement from US federal agencies.

D.C. Circuit Orders TSA to Produce Schedule for Final Rule on Body Scanners

The Court of Appeals for the D.C. Circuit today ordered TSA to comply with the ruling in EPIC v. DHS and conduct an "expeditious" rulemaking on the use of body scanners at airports. EPIC successfully sued TSA in 2011 to compel notice-and-comment rulemaking after the agency failed to solicit public comments as required by law. EPIC said the body scanner program was "unlawful, invasive, and ineffective." The backscatter x-ray devices were subsequently removed from U.S. airports, though the millimeter devices remain. In 2015 the Competitive Enterprise Institute filed a petition to compel TSA to issue a final rule as required by the EPIC v. DHS mandate. TSA now has 30 days to submit a rulemaking plan to the court.

October 27, 2015

EPIC Seeks Disclosure of Drone Task Force Participants

In a letter today, EPIC called on the FAA and Department of Transportation to make public the members of a new drone task force. The task force, announced last week, will make recommendations for a federal drone registry. The Transportation Secretary said that the task force will be composed of 25 to 30 individuals, but it is unknown whether privacy and safety advocates will be included. EPIC also filed an expedited FOIA request for the information, citing the fast-approaching November 20th deadline for the task force's recommendations.

Senator Leahy Opposes FOIA Exemptions in Cyber Security Bill

Senator Patrick Leahy (D-VT) urged fellow Senators to remove a proposed open government exemption in a pending cybersecurity bill. The Cybersecurity Information Sharing Act (CISA), said Sen. Leahy, "contains an overly broad new FOIA exemption that is both unnecessary and harmful." Sen. Leahy called the FOIA "our nation's premier transparency law," and said that any modifications must go through the Senate Judiciary Committee. "The Senate must have an open and honest debate about the Senate Intelligence Committee's bill and its implications for Americans' privacy and government transparency," remarked the Senator. Last year, EPIC won a five-year court battle against the NSA for NSPD 54, the foundational legal document for U.S. cybersecurity policies. EPIC has also set out recommendations for FOIA reform.

October 28, 2015

Civil Society Leaders in Amsterdam Issue Declaration on Fundamental Rights

Leading digital rights and consumer privacy organizations meeting in Amsterdam have issued a declaration "Fundamental Rights are Fundamental." Calling attention to the recent success of Max Schrems and the failure of self-regulation, the organizations said the "Bridges" report is "remarkably out of touch with the current legal reality and what we need to do to address it." The NGO leaders also criticized the organizers of the Amsterdam conference for "the failure to engage" many new challenges to data protection, including "Big Data" and drone surveillance. Privacy campaigner Simon Davies wrote, "There has never been a moment in history when the privacy regulator community needs to do more to restore trust and relevance. Instead, this week signals a new low in that trust."

Army Loses Surveillance Blimp; Blimp Roaming the East Coast

One of the military's controversial surveillance blimps has broken free from its tether in Maryland and is now drifting over Pennsylvania. According to a report, the blimp is now floating at 16,000 feet and dragging a 6,700 foot cable. Through a FOIA lawsuit filed earlier this year, EPIC uncovered details about the Army's plan to fly two "JLENS" blimps over the Washington, DC area. The several thousand documents uncovered by EPIC describe the use of JLENS, as well as the Army's relationship with the contractor Raytheon, which has proposed a video surveillance capability.

October 29, 2015

Supreme Court to Hear Critical Consumer Privacy Case

On Monday the Court will hear arguments in Spokeo v. Robins, a Fair Credit Reporting Act case brought on behalf of consumers whose rights were violated by the "people search" website. EPIC, technical experts, legal scholars, 15 other groups, and the U.S. Solicitor General, filed "friend of the court" briefs in support of the plaintiff. Citing the national epidemic of data breaches, identity theft, and financial fraud, EPIC argued to the Court this is "not the time for the Supreme Court to limit the ability of individuals to seek redress for violations of privacy rights set out by Congress." The EPIC brief was endorsed by thirty-one technical experts and legal scholars, members of the EPIC Advisory Board.

October 30, 2015

EPIC Obtains Documents on Boater Tracking Program

In response to an EPIC FOIA lawsuit, the U.S. Coast Guard has released documents relating to a controversial boater tracking program, NAIS (National Automated Information System). According to the documents obtained by EPIC, boaters have "no expectation of privacy with regard to any information transmitted on AIS." They also reveal that the agency fuses AIS data with other intelligence data to develop detailed profiles on boaters. The agency has transferred AIS data, which is subject to the Privacy Act, to at least 75 federal, state, local, and private entities. EPIC is anticipating the release of additional documents.

About October 2015

This page contains all entries posted to epic.org in October 2015. They are listed from oldest to newest.
