April 2017 Archives

April 3, 2017

EPIC Seeks Information on Sessions-Jourova Encryption Discussion

EPIC has filed an urgent Freedom of Information Act request for documents concerning a recent meeting between Attorney General Jeff Sessions and EU Commissioner Věra Jourová. The two reportedly discussed "a proposal [on] how to 'solve this problem'" of encryption. EPIC said in the FOIA request that "strong encryption is the cornerstone of the modern internet economy" and that encryption "is critical to preserving human rights and information security around the world." A proposal on encryption policy may be taken up at a June 2017 meeting between the United States and the European Union. EPIC has advocated for strong encryption since its founding and published the first comprehensive survey of encryption use around the world. In the FOIA request, EPIC also noted the growing risk to users of Internet-connected devices.

April 4, 2017

Trump Repeals Broadband Privacy Safeguards

Donald Trump signed a congressional resolution rescinding the FCC's broadband privacy rules. The rules required internet service providers to obtain consumers' consent before accessing sensitive information and to notify consumers of data breaches. The resolution nullifies the FCC's rules and blocks the FCC from enacting similar rules in the future. EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy, and also explained to Congress that the FTC does not effectively safeguard consumer privacy. EPIC also has a petition pending before the FCC to end the mandatory retention of private customer telephone records.

EPIC Recommends Scrutiny of DEA Surveillance Programs

In a letter to the House Judiciary Committee for an oversight hearing, EPIC highlighted civil liberties problems with DEA programs. In 2014, EPIC sued the DEA for information about the agency's Hemisphere program, a massive telephone record database. More recently, EPIC prevailed in a FOIA lawsuit that revealed the DEA's failure to conduct privacy assessments required by law, for the agency's license plate scanning program. In the letter EPIC urged the Committee to investigate the Hemisphere program and determine whether the agency will complete privacy impact statements for agency programs as required by law.

April 5, 2017

EPIC Brings Attention to Auto "Starter Interrupt Devices"

In a letter to the House Financial Services Committee about the Consumer Financial Protection Bureau, EPIC highlighted its complaint about automobile "starter interrupt devices." EPIC alleges that companies use these devices to monitor borrowers' location and disable vehicles in violation of the Consumer Financial Protection Act. EPIC has asked the Bureau "to enjoin their unfair and abusive practices." In testimony, detailed comments, and letters, EPIC has urged Congress to establish safety standards for connected vehicles. EPIC has also submitted comments to the CFPB on debt collection practices and publication of consumer complaint narratives.

EPIC Recommends Adoption of Privacy-Enhancing Technologies in Health Care Sector

EPIC has sent a letter to the House Energy and Commerce Committee about cybersecurity in the health care sector. EPIC noted that in 2016, approximately 300 health care sector data breaches compromised the health data of over 4 million patients. EPIC recommended specific privacy-enhancing technologies that should be required in health care IT systems, including secure e-mail communications systems and the ability for patients to hold back sensitive information.

April 6, 2017

Reuters Poll: Most Americans Would Not Sacrifice Privacy to Foil Terror Plots

A recent Reuters survey found that a majority of Americans are not willing to give up their privacy even to help the government fight terrorism. About 3 in 4 participants in the online survey answered that they would not give up the privacy of their e-mail, text messages, or phone records to help the US fight foreign or domestic terrorism plots or counter hacking of US networks by foreign powers. The poll of 3,307 people showed strong support for privacy among both Democrats and Republicans. EPIC has advocated for strong encryption since its founding and published the first comprehensive survey of encryption use around the world. EPIC also maintains a page on Privacy and Public Opinion.

European Parliament Expresses Alarm Over Rollback of US Privacy Safeguards

In a resolution passed today, the European Parliament expressed alarm over the rollback of U.S. privacy safeguards necessary for Privacy Shield, a framework permitting the flow of European consumers' personal data to the United States. The Parliament cited several recent developments including procedures that allow the NSA to disseminate raw data across the US government, vacancies at the Federal Trade Commission and the Privacy and Civil Liberties Oversight Board, the repeal of an FCC privacy rule, and the absence of effective redress for violations of Privacy Shield. The resolution of Parliament called on the European Commission to rigorously analyze these matters and to "take all necessary measures" to ensure the agreement respects EU privacy rights. In 2015, EPIC and a coalition of privacy organizations had urged the US and the EU to strengthen privacy protections, following a landmark decision that found insufficient legal protections for the transfer of consumer data to the US.

EPIC Obtains Documents About FBI Drone Program

As a result of a Freedom of Information Act request, EPIC has obtained the FBI's first annual summary report on drone operations. The annual reports are required by an Obama Presidential Memorandum regarding the domestic use of drones by federal agencies. EPIC also obtained related documents about FBI drone operations that were heavily redacted. Additionally, EPIC requested the FBI's drone policies and procedures related to privacy, civil liberties, and civil rights. The FBI has not yet released these documents to EPIC. EPIC will appeal the FBI's failure to release these documents and will also challenge the redactions in the documents that were released.

April 7, 2017

EPIC Appeals Passenger Profiling Case to DC Circuit

EPIC has appealed the ruling in EPIC v. CBP, a case involving a controversial passenger screening program that combines detailed personal information with secret algorithms to assign "risk assessments" to travelers—including US citizens. EPIC sued the agency for information about the "Analytic Framework for Intelligence" under the Freedom of Information Act. As a consequence of the EPIC FOIA lawsuit, EPIC obtained important documents and prevailed in an earlier phase of the case. However, the federal court in Washington, DC declined last month to order the release of certain additional materials. EPIC is now asking the DC Circuit Court of Appeals to overrule the lower court's decision and compel the release of documents sought by EPIC.

Senate Confirms Neil Gorsuch to U.S. Supreme Court

The Senate has confirmed Neil Gorsuch as the next Associate Justice of the U.S. Supreme Court. The final vote was 54 yeas to 45 nays. During Justice Gorsuch's confirmation hearing, EPIC urged the Senate Judiciary Committee to scrutinize Gorsuch's positions on a wide range of privacy, First Amendment, open government, and consumer protection issues. Gorsuch's views on these subjects could have "far-reaching implications" for "the future of privacy in the digital era," EPIC wrote. Committee members ultimately questioned Gorsuch extensively on the constitutional right to privacy, the application of the Fourth Amendment to new technologies, and the right to anonymous speech. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts.

Senators Markey and Hatch Propose Student Privacy Act

Senator Edward Markey (D-Mass) and Senator Orrin Hatch (R-Utah) have reintroduced the "Protecting Student Privacy Act." The Act would strengthen the Family Educational Rights and Privacy Act, a federal student privacy law. The Student Privacy Act would also implement several of the recommendations EPIC set out in the Student Privacy Bill of Rights, including data security safeguards, student access to personal information held by companies, prohibiting the use of personal data for marketing purposes, and minimizing the personal information schools transfer to third parties.

April 11, 2017

Privacy Poll - Users More Concerned about Google and Facebook than ISPs

According to a POLITICO / Morning Consult poll, Americans trust Google and Facebook less than ISPs to protect personal data. Only 43% of respondents trusted broadband companies with personal information "a great deal" or "a fair amount." But trust in internet companies was much lower: 31% said they trust Facebook, 21% trust Twitter, 39% trust Google, and 35% trust other websites they visit regularly. The poll also shows public opposition to web tracking, with 70% of respondents saying they were "somewhat uncomfortable" or "very uncomfortable" with companies tracking the web sites people visit and 77% being uncomfortable with companies selling people's data for advertising purposes. EPIC had urged the FCC to adopt a comprehensive approach to privacy protection and maintains an extensive page on Privacy and Public Opinion.

NY Court Backs Move to Destroy IDNYC Applications

A judge ruled this week that New York City may destroy the application materials of those who applied for an NYC identification card. The IDNYC program allows any New York City resident, regardless of immigration status, to obtain an identity document to access city services and to open a bank account. The IDNYC program was intended to assist vulnerable populations, including the homeless, victims of domestic violence, and undocumented immigrants. More than one million cards were issued and fewer than 2% of applications were denied. Under initial implementation, the application documentation was to be retained for two years, but critics of the program sought to obtain the personal information of applicants with the state FOI law. The judge rejected the claim. EPIC has long warned that the retention of identity document enrollment materials poses a significant privacy risk.

April 12, 2017

Court Rules That Texas Voter ID Law Intentionally Discriminates

A federal district court has ruled that a Texas voter ID law violates the Voting Rights Act because the state legislature intended the law to be discriminatory. The ruling effectively halts enforcement of the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the Fifth Circuit Court of Appeals held that the Texas law had a "discriminatory effect" on minorities' voting rights and sent the case back to the district court to reexamine whether the law was passed with "discriminatory purpose." EPIC filed an amicus brief with the appeals court arguing that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC wrote. The Supreme Court recently declined to review the Fifth Circuit's ruling.

European Privacy Officials Back "E-Privacy" Directive Updates

The Article 29 Working Party, an expert group of European privacy officials, has issued an opinion supporting a key proposal to modernize EU privacy law for electronic communications. The updated e-Privacy Regulation would extend consumer safeguards to users of all online communications services, cover content and metadata, and limit tracking of internet users. The Working Party welcomed the harmonization of privacy standards across the European Union, but cautioned that the Privacy Directive must offer protections at least as strong as the recently adopted General Data Protection Regulation. EPIC had urged the US Federal Communications Commission to adopt a similar, comprehensive approach to communications privacy. A narrow FCC rule covering only ISPs was recently rescinded by Congress, folding under attacks that it unreasonably singled out a sector of the communications industry.

April 14, 2017

EPIC Recommends Privacy Safeguards for Vehicle Networks

In comments to the National Highway Traffic Safety Administration, EPIC recommended stronger privacy protections for vehicle-to-vehicle communications. EPIC urged the agency to allow consumers to turn off pre-installed V2V communications and to require automobile manufacturers to be transparent about the collection of personal data. EPIC also urged the agency to establish basic cybersecurity safeguards, require encryption for all vehicle networks, and ensure data minimization techniques. EPIC has previously submitted comments to NHTSA on connected cars and has submitted several statements to Congress.

April 15, 2017

EPIC Sues IRS for Release of Trump's Tax Records

Today EPIC filed a FOIA lawsuit against the IRS after the agency failed to release Donald J. Trump's tax records. According to EPIC, "There has never been a more compelling FOIA request presented to the IRS." In the request to the IRS, EPIC explained that the IRS Commissioner may release tax returns to "correct misstatements of fact" and to ensure the "integrity and fairness" of the tax system. EPIC cited an earlier statement of Senator Charles Grassley (R-IA), a member of the Joint Committee on Taxation, in support of the release. The case is captioned EPIC v. IRS, 17-670 (D.D.C. filed Apr. 15, 2017). For more information, see the Press Release about EPIC v. IRS. EPIC is currently pursuing several high-level FOIA cases, including EPIC v. FBI and EPIC v. ODNI, to determine the scope of Russian interference with the 2016 Presidential election.

April 18, 2017

EPIC, Coalition Urge DHS Secretary to Reject Social Media Password Requirement

EPIC has joined the Fly Don't Spy! campaign to urge DHS Secretary Kelly to reject plans to require that passwords be handed over to the federal government. Such a requirement would undermine privacy and human rights, chill freedom of speech and association, and create greater security risks for travelers. Earlier this year, Secretary Kelly testified before Congress about collecting social media passwords. In response, EPIC immediately filed a Freedom of Information Act request regarding all DHS plans to use individuals' internet and social media information to vet potential entrants to the U.S.

April 20, 2017

DHS Privacy Office Releases 2016 Report, Secret Profiling on the Rise

The Department of Homeland Security has released the 2016 Annual Data Mining Report. The report describes several of the agency's profiling systems that assign secret "risk assessments" to U.S. citizens. According to the DHS report, the Analytical Framework for Intelligence is accessible to several agency components, including the Citizenship and Immigration Services, the Coast Guard, and the Transportation Security Administration. Through a Freedom of Information Act lawsuit, EPIC previously obtained important documents about the secretive scoring program. EPIC is now appealing EPIC v. CBP to the D.C. Circuit Court of Appeals to compel the release of additional documents.

Government Argues for PRISM Reauthorization in New Report

The Office of the Director of National Intelligence has released a report on the controversial Section 702 "PRISM" program, which is set to expire on December 31, 2017. The report argues for renewal, but significant questions remain about the PRISM program. Despite repeated requests from Congress, the ODNI has refused to reveal the number of U.S. persons who are swept up in PRISM surveillance every year. EPIC sent a letter to the House Judiciary Committee urging public reporting of the Government's surveillance activities. EPIC also warned that the Section 702 legal controversy could block international data transfers.

April 21, 2017

US Courts Release Revised Report on FISA

The Administrative Office of the U.S. Courts has issued the 2016 report on activities of the Foreign Intelligence Surveillance Court. The 2016 FISA report reveals that there were 1,752 FISA applications in 2016, of which 1,378 were granted, 339 were modified, 26 were denied in part, and 9 were denied in full. Scrutiny of FISA applications increased substantially in 2016. The FISA court denied more applications in 2016 than it had during the previous 36 years. In testimony before Congress in 2012, EPIC urged increased public reporting of the use of FISA authority to prevent abuse. Several of EPIC’s recommendations are reflected in the revised reporting requirements, following passage of the USA FREEDOM Act in June 2015.

EPIC, Privacy Coalition Meet with EU Data Protection Supervisor

European Data Protection Supervisor Giovanni Buttarelli spoke today to the Privacy Coalition, a nonpartisan association established in 1995 to promote dialogue on emerging privacy between civil society organizations and policy leaders. Mr. Buttarelli addressed relations between the European Union and the United States, and discussed encryption policy, the E-Privacy Regulation, the Privacy Shield, and the U.S. Privacy Act as it applies to foreigners, among many other topics. Recent speakers at the Privacy Coalition have included FTC Chair Maureen Ohlhausen and FCC Senior Counsel Nick Degani.

April 23, 2017

EPIC, Coalition Urge FCC to Act on Petition to End Call Data Retention

EPIC and a coalition of leading civil society organizations have sent a letter to the Federal Communications Commission urging the Commission to act immediately upon a petition submitted by an EPIC-led coalition almost two years ago. The petition called for an end to the FCC rule requiring the mass retention of phone records. The privacy organizations said that the FCC regulation was "unduly burdensome and ineffectual and posed an ongoing threat to the privacy and security of American consumers." The FCC requires phone companies to retain sensitive information on all telephone customer calling activity for 18 months, including telephone numbers dialed, date, time, and length. The coalition letter states that "the time has come to give the public the opportunity to comment on whether the data retention mandate should continue."

April 25, 2017

EPIC Joins Coalition to Urge FOIA Compliance on Immigration Enforcement

EPIC joined a coalition of civil society organizations to urge Immigration and Customs Enforcement to comply with the Freedom of Information Act. The letter to DHS Secretary Kelly calls upon the federal agency to "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." EPIC previously received documents through a Freedom of Information Act request about DHS's immigration enforcement practices. The documents obtained by EPIC detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement.

EPIC Hosts International Meeting of Data Protection Experts

This week EPIC hosted the 61st meeting of the International Working Group on Data Protection in Telecommunications in Washington, D.C. Twice a year, the Berlin-based Working Group convenes data protection authorities and privacy experts from around the world to develop recommendations on emerging privacy challenges. The IWG recently issued recommendations on topics including Biometrics in Online Authentication, Location Tracking, and Intelligent Video Analytics. The IWG meeting was held at the Goethe-Institut, Germany's cultural institute. Through June 2016 the Institut is presenting the "Plurality of Privacy Project," a transatlantic theater project focused on the value of privacy. EPIC previously hosted a meeting of the IWG in Washington, DC in the spring of 2004.

April 26, 2017

EPIC: Enhanced Surveillance at Border Will Sweep Up U.S. Citizens

A statement from EPIC to the House Oversight Committee for a hearing on border security warns that enhanced surveillance will impact citizens' rights. "The use of drones in border security will place U.S. citizens living on the border under ceaseless surveillance by the government," said EPIC. EPIC noted that Customs and Border Protection is already deploying drones with facial recognition technology on U.S. communities. In 2013, EPIC obtained records under the Freedom of Information Act which revealed that CBP drones could also intercept electronic communications in the United States. State laws in some border states prohibit warrantless aerial surveillance, but the United States has failed to enact laws to limit drone surveillance. EPIC has sued the FAA for the agency's failure to create drone privacy safeguards as required by Congress.

EPIC to Congress: Examine TSA Secrecy

EPIC has sent a statement to the House Committee on Homeland Security for an oversight hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information the agency designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that the TSA is "seeking to hide its decision making behind this cloak of secrecy." Congress also criticized the TSA's use of the SSI designation in an extensive report on "Pseudo Classification." In the statement for the Committee, EPIC also objected to the eye scanning of US travelers at US airports.

April 27, 2017

German Court Blocks Facebook's Efforts to Obtain WhatsApp User Data

A German court has upheld an order requiring Facebook to suspend the import of users' personal data from WhatsApp. Following Facebook's acquisition of WhatsApp, WhatsApp announced that it would transfer users' personal data to Facebook, violating the company's privacy promises. A Data Protection Commissioner in Germany ordered Facebook to halt the data transfer. This week a German court refused Facebook's attempt to block the order, ruling that Facebook had no legal basis for the transfer and no effective consent from WhatsApp users. The transfer is also under investigation by the Article 29 Working Party, a group of European privacy officials. EPIC filed a complaint with the FTC in 2014, backed by over a dozen US consumer groups, urging the US agency to block the acquisition of WhatsApp if privacy safeguards were not established. As EPIC explained, "WhatsApp built a user base based on its commitment not to collect user data for advertising revenue. Acting in reliance on WhatsApp representations, Internet users provided detailed personal information to the company including private text to close friends."

Appeals Court Rules in Video App Privacy Case

A Federal Court of Appeals has ruled in Perry v. CNN, a case concerning the disclosure of video viewing records. EPIC filed an amicus brief and explained that the Video Privacy Protection Act applies to all companies that collect video records, including app companies. The Appeals Court held that the plaintiff, a mobile app user, wasn't a "subscriber" under the video privacy law, following an earlier similar decision by the same court. However, the appeals court made clear that federal privacy laws, such as the Video Privacy Protection Act, provide a sufficient basis for a lawsuit without the need to show additional harm.

Senators Blumenthal and Udall Introduce Online Privacy Bill

Senators Richard Blumenthal (D-CT) and Tom Udall (D-NM) have introduced the Managing Your Data Against Telecom Abuses (MY DATA) Act. The MY DATA Act would grant the FTC jurisdiction over broadband providers, as well as the authority to establish rules for privacy and data security online. "In the 21st century, internet access is a basic necessity. And signing up for a basic necessity should never mean you have to sign away your rights to privacy," said Senator Blumenthal. EPIC has previously told Congress that the FTC has not done enough to safeguard consumer privacy, citing the Commission's failure to enforce settlement agreements or to modify proposed settlements based on public comments. EPIC has also proposed comprehensive consumer privacy laws to combat the growing threats of data breaches, identity theft, and financial fraud.

April 28, 2017

In EPIC Lawsuit, FAA Concedes Drone Privacy Risks

The Federal Aviation Administration has filed a brief in response to EPIC's lawsuit, EPIC v. FAA, concerning the FAA's failure to establish privacy rules for commercial drones. EPIC sued the FAA after Congress required a "comprehensive plan" for drone deployment in the United States and the FAA denied EPIC's petition calling for privacy safeguards. In the opposition brief, the FAA acknowledged "that cameras and other sensors attached to [drones] may pose a risk to privacy interests." The FAA claims that the agency is not ignoring drone privacy risks, but documents from a previous Freedom of Information Act request by EPIC showed the agency also failed to complete a drone privacy report required by Congress.

Following EPIC Appeal, Justice Department Submits Trump Wiretap Claims for Declassification Review

Following EPIC’s appeal of a decision to “neither confirm nor deny” the existence of a FISA application to monitor Trump Tower, the Justice Department took the unusual step of submitting the matter for declassification review. After the President tweeted allegations that President Obama “had [his] wires tapped in Trump Tower,” EPIC filed an urgent FOIA request for any FISA applications concerning Trump Tower. The Justice Department denied the request, but on appeal stated it was referring this matter “so that it may determine if the existence or nonexistence of any responsive records should remain classified.” The Justice Department issued a similar response to EPIC’s related request concerning alleged surveillance of the Trump team. EPIC had explained in the appeal that “the agency may not hide behind the ‘neither confirm nor deny’ response” after FBI Director James Comey stated before Congress that the FBI and the Justice Department had “no information” to support the President’s tweets.

NSA Imposes Limits on "Upstream" Collection Program

The National Security Agency announced that it will no longer acquire upstream “about” communications under Section 702 surveillance authority. The Foreign Intelligence Surveillance Court previously questioned these searches, but permitted them to continue after the NSA claimed that ending the program would be technologically infeasible. According to PCLOB, the NSA collects more than 25 million Internet communications every year. EPIC recently challenged the “about” searches in an amicus brief for the Irish DPC v. Facebook case. The broader Section 702 authority is set to expire in December.

About April 2017

This page contains all entries posted to epic.org in April 2017. They are listed from oldest to newest.
