« June 2016 | Main | August 2016 »

July 2016 Archives

July 1, 2016

President Obama Signs FOIA Reform Bill Into Law

Celebrating 50 years since enactment of the Freedom of Information Act, the Congress has passed, and the President has signed the FOIA Improvements Act of 2016. The Act creates a new portal for requesters, requires the proactive disclosure of frequently requested records, strengthens the Office of Government Information Services, and codifies the "Presumption of Openness" in the processing of requests for information about government. Senator Patrick Leahy (D-Vt.), a champion of open government, stated "Our founders had the revolutionary vision to create a government of, by, and for the people. Today we have helped strengthen that ideal." EPIC and many open government advocates urged the President to support these reforms. EPIC also established the website FOIA.ROCKS.

Wiretaps Increase Sharply in 2015, No Evidence of Government Surveillance "Going Dark"

In 2015, combined state and federal wiretap applications increased 16% from 3,555 to 4,148. But while government surveillance applications went up dramatically, the number of cases where investigators encountered encryption dropped significantly. Encryption was encountered in only 13 cases in 2015. The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015. Law enforcement claims of "going dark” continue to be undermined by surveillance reports. EPIC has repeatedly cited the Wiretap Reports as a model of transparency for government surveillance activities and maintains comprehensive charts about the reports. The reports reveal, for example, that drug offenses were the most prevalent type of criminal offense investigated using wiretaps: 79 percent of all applications for intercepts (3,292 wiretaps) in 2015 cited illegal drugs as the most serious offense under investigation.

July 5, 2016

White House Releases Flawed Privacy Research Agenda

The White House has announced the National Privacy Research Strategy, which the authors state "will enable the U.S. to benefit from innovative data use while protecting privacy." The National Strategy focuses on measuring the "privacy desires" of users rather than the extent of the problem or goals to safeguard privacy, such as coding Fair Information Practices, developing genuine Privacy Enhancing Techniques, or complying with Privacy Act obligations. The "National Strategy" follows from a similar report in 2014 that embraced big data without considering actual privacy risks in data collection. In 2015, the federal government lost 21.5 million records of federal employees and their families. A recent book from EPIC "Privacy in the Modern Age: The Search for Solutions" outlines several new approaches for privacy protection, and builds on earlier work by members of the EPIC Advisory Board.

U.N. Passes Resolution Condemning Internet Shutdowns

The United Nations Human Rights Council passed a resolution to support human rights online. The resolution condemns internet shutdowns that have become more common around the world. In accordance with the Universal Declaration of Human Rights, the resolution reaffirms the U.N.'s stance that "the same rights people have offline must also be protected online." EPIC joined an international coalition of civil society organizations to reject disruption of Internet access. EPIC previously sued the Department of Homeland Security to obtain public release of the US shutdown policy following the suspension of cell phone service during a peaceful protest at a BART transit station in San Francisco. Portions of the government policy "Standard Operating Procedure 303" were eventually released to EPIC.

EPIC Sues for Release of Government Oversight Reports

EPIC has filed a FOIA lawsuit against the Department of Justice to obtain the agency’s secret watchdog reports. The mission of the Office of the Inspector General is “to detect and deter waste, fraud, abuse, and misconduct.” However, many of the reports are kept secret. Those reports, EPIC explained in the complaint, "are critical for the public to understand the measures taken to increase the efficiency and effectiveness of the DOJ, and as a mechanism to hold the agency accountable.” EPIC previously obtained oversight reports on the CIA surveillance of muslims in New York, and CIA spying on Senate staff.

July 6, 2016

Coalition Urges President to Nominate New Member for Oversight Board

EPIC and many privacy and civil liberties organizations have urged President Obama to promptly nominate a new member to the Privacy and Civil Liberties Oversight Board with a strong civil liberties background. The coalition argued that the Oversight Board’s “role is too important to allow it to slip back into dormancy, even for a few months.” The previous Chair David Medine recently stepped down, leaving a vacancy on the five-member panel, responsible for overseeing privacy protection. EPIC has urged the Board to review surveillance under Executive Order 12333 and recommended the Board ensure Privacy Act compliance across the federal government.

July 7, 2016

EPIC Tells FCC to Reject "Notice and Choice" Approach to Privacy

EPIC has filed reply comments with the Federal Communications Commission on the proposed broadband privacy rules. EPIC said that the proposed rules are a modest first step and that the FCC has legal authority to do more to safeguard American consumers. EPIC also responded to erroneous statements from industry groups that the FTC's "notice and choice" framework safeguards consumer privacy. EPIC described numerous shortcomings, including lack of enforcement, frequent changes in privacy policies, and data breaches. "Notice and choice" is “directly at odds with baseline privacy standards,” EPIC said. EPIC previously urged the Commission to "address the full range of communications privacy issues facing US consumers" and to apply the Consumer Privacy Bill of Rights to communications data.

Continue reading "EPIC Tells FCC to Reject "Notice and Choice" Approach to Privacy" »

EPIC Scrutinizes FBI's Massive Biometric Database

In comments to the FBI, EPIC criticized the Bureau’s proposal to remove Privacy Act safeguards from a database containing biometric data on millions of citizens, much of it unrelated to law enforcement. Through a FOIA lawsuit, EPIC obtained documents about the “Next Generation Identification” database that revealed an error rate up to 20% for face recognition searches. EPIC warned the FBI of the privacy and civil liberties risks as well as the potential for data breaches. EPIC urged the FBI to limit the scope of data collection, reduce the retention of data, and maintain the protections of the Privacy Act.

July 12, 2016

European Commission Signs Off on Flawed "Privacy Shield"

The European Commission has approved the "Privacy Shield" which will allow companies to transfer personal data of Europeans to the U.S. without legal protections. European data protection authorities, the European Data Protection Supervisor, and EU and US NGOs identified flaws with the non-binding framework. Citing a judgement of the European high court which struck down a similar framework, Max Schrems and Jan-Philipp Albrecht predicted that the "Privacy Shield will share the history of the previous Safe Harbor and be invalidated by the European Court of Justice." EPIC and other consumer organizations urged the EU and US to strengthen safeguards for transborder data flows. According to the Federal Trade Commission, identity theft complaints in the US increased by 47% between 2014 and 2015.

July 13, 2016

Trade Agreements Undermine Data Protection, New Study Shows

A new report "Trade and Privacy" argues that trade agreements are at odds with EU laws that protect privacy and data protection. The study concludes "current measures used by the EU to safeguard its data protection laws in trade agreements are not sufficient." The report recommends a comprehensive exemption for data protection rules in all trade agreements, based on GATS Article XIV. EU NGOs previously recommended that consumer privacy and data policy be excluded from the Transatlantic Trade and Investment Partnership negotiations. The study was authored by scholars at the Institute for Information Law at the University of Amsterdam and commissioned by BEUC, TACD, EDRi and CDD. EPIC's Marc Rotenberg will speak about trade agreements, privacy and the internet at IGF USA 2016.

FAA Reauthorization Grounds Drone Privacy Safeguards

Shortly before adjourning, Congress passed the FAA Extension, Safety and Security Act of 2016 without drone privacy provisions authored by Senator Markey, included in the original legislation. Senator Markey said "Now is the time to prevent these eyes in the skies from becoming spies in the skies." EPIC urged Congress and the FAA to establish limits on drone surveillance. In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. EPIC's proposal to require remote identification of drones was incorporated in the legislation enacted by Congress.

July 14, 2016

EPIC FOIA: Transportation Department Releases New Drone Meeting Documents

In response to an EPIC Freedom of Information Act lawsuit, the Department of Transportation has released to EPIC another set of documents from the agency's secret meetings with industry groups about drone policy. The newly released documents, which summarize an extensive three-day meeting between the FAA and industry groups, is conspicuously silent on privacy, despite public comments urging the agency to address privacy concerns.  In a related development, the FAA final rule on commercial drones failed to address the privacy risks of deploying drones in the United States. 

US Government Loses on Overseas Data Searches

A federal appeals court has ruled that the U.S. government cannot seize user data in foreign data centers under the Stored Communications Act. The decision reverses a lower court opinion that would have required Microsoft to hand over the contents of an email account stored  in Ireland. The appeals court concluded that the purpose of the Act was to protect “users’ privacy interests in stored communications” not the creation of law enforcement powers that could reach overseas. The decision will likely bolster efforts to keep data in jurisdictions with stronger privacy safeguards. EPIC has recommended US ratification of the International Privacy Convention to preserve trans border data flows.

July 16, 2016

Wisconsin Supreme Court Upholds Use of Sentencing Algorithms, But Recognizes Risks

The Wisconsin Supreme Court this week rejected a challenge to the use of a risk-assessment algorithm in a sentencing proceeding. These algorithms score an individual's risk of committing future crime. The Court sanctioned the use of such algorithms, provided they are not the exclusive determining factor of a sentence, and judges receive written warnings about the algorithm's shortcomings. Professor Danielle Citron warned that the court's faith in the secret techniques is "unwarranted" particularly because "human beings have a tendency to rely on automated decisions even when they suspect system malfunction." EPIC has advocated for algorithmic transparency and maintains a website describing the use of algorithms in the criminal justice system.

July 19, 2016

Irish Court Approves EPIC as Amicus in Schrems Case

The Irish High Court has accepted EPIC's application to participate in a case about data protection rights and Facebook's contractual clauses. The case follows Max Schrems' complaint to the Irish Data Protection Commissioner after the European Court of Justice's decision to strike down the Safe Harbor arrangement. EPIC will provide the Irish Court, and perhaps also the Court of Justice, expert opinion on U.S. surveillance law. EPIC recently joined a case before the European Court of Human Rights concerning the activities of British and U.S. intelligence organizations. EPIC has appeared as a "friend of the court" in almost 100 cases in the United States concerning emerging privacy and civil liberties issues.

July 20, 2016

Federal Appeals Court Strikes Down Texas Voter ID Law

A federal appeals court has ruled that a Texas voter ID law violates the Voting Rights Act. In a fractured opinion, the court held that Senate Bill 14 had a “discriminatory effect” on minorities’ voting rights, and remanded the case to the lower court. The appeals court instructed the district court to provide interim relief for individuals, which could include suspending the voter ID requirement, ahead of the November 2016 election. EPIC filed an amicus brief in the case, arguing that SB 14 also places an unconstitutional burden on voters’ rights to informational privacy because of the excessive collection of personal data.

EPIC Defends Right of Data Breach Victims to Seek Legal Relief

EPIC has filed an amicus brief urging a federal appeals court to protect a consumer’s ability to sue companies that fail to protect their personal information. A group of consumers sued a grocery chain after faulty security practices left  their credit card information exposed to hackers. A lower court dismissed the privacy case because consumers had not yet suffered from fraudulent transactions. In its brief, EPIC explained that the court misunderstood the relevant law, confusing the legal obligations of companies to maintain good security with the harm that consumers eventually suffer. For the purposes of filing a lawsuit, EPIC said courts should focus on whether companies have violated a legal obligation such as safeguarding personal data, including credit card information. EPIC regularly files briefs defending consumer privacy.

July 22, 2016

EPIC Ask FTC to Investigate Privacy Risks of Pokemon GO

EPIC has urged the FTC to launch an investigation of Pokemon GO and the app's developer Niantic. When the augmented-reality app was first released, Niantic granted itself "full access" to users' Google accounts in violation of federal privacy law. Even after recent changes, the company continues to collect detailed location history and has access to smartphone cameras. Pokemon GO "raises complex and novel privacy issues that require close FTC scrutiny," EPIC told the Commission. Senator Al Franken recently sent a letter to the company asking for clarification on the scope and purpose of its data collection. Niantic has close ties to Google and its CEO oversaw Google's controversial Street View project, which was found to collect private wifi data transmissions.

July 26, 2016

EPIC Explains to Federal Appeals Court that Mobile App Users Protected by Video Privacy Law

EPIC has filed an amicus brief defending the privacy rights of users of  video apps. In the case, a CNN mobile app users challenged the disclosure of his video viewing history and personal information as a violation of federal privacy. In the brief for the federal appeals court, EPIC explained that that the privacy protections in the Video Privacy Protection Act apply to mobile apps that provide video service. EPIC said that the video privacy law covers the personal information collected by mobile apps, including the unique identifiers of the user’s device, and also that the privacy obligations apply to all companies that collect the viewing records of Internet users.  EPIC previously filed a brief in a similar case concerning the collection of video viewing records.

EPIC, Consumer Coalition Oppose Robocalls by Government Contractors

EPIC and a coalition of consumer groups have petitioned the FCC to reverse its recent decision to exempt federal contractors from restrictions on telemarketing and robocalls. The FCC incorrectly determined that the Telephone Consumer Protection Act (TCPA) “does not apply to calls made by or on behalf of the federal government in the conduct of official government business.” The petition, led by the National Consumer Law Center, warns of significant increases in unwanted robocalls from government contractors that consumers would be powerless to stop. EPIC supports robust telephone privacy protections and filed an amicus brief in support of the FCC’s 2015 order that strengthened consumer protections under the TCPA.

July 27, 2016

European Data Protection Supervisor Calls for Stronger Protections for Electronic Communications

The top European data protection official, the European Data Protection Supervisor, has called for strong privacy protections in the "ePrivacy Directive", an updated framework to safeguard personal information. "The scope of new ePrivacy rules needs to be broad enough to cover all forms of electronic communications irrespective of network or service used." The Data Protection Supervisor also said the legislation should "allow users to use end-to- end encryption without back doors". NGOs and data protection officials have also called for the reform of the European legislation after the adoption of the General Data Protection Regulation. EPIC has urged the FCC to establish a comprehensive framework for communications privacy, noting the work now underway in Europe to update privacy laws.

About July 2016

This page contains all entries posted to epic.org in July 2016. They are listed from oldest to newest.

June 2016 is the previous archive.

August 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.