« January 2018 | Main | March 2018 »

February 2018 Archives

February 1, 2018

Senators Urge FTC to Investigate Companies Selling Social Media Influence

Senators Jerry Moran (R-KS) and Richard Blumenthal (D-CT) wrote Federal Trade Commission Acting Chair Maureen Ohlhausen to urge the FTC to investigate companies that use fraudulent automated accounts to influence social media. The techniques, known as "amplification bots," follow, retweet, and like social media content to boost a client's visibility. The Senators' letter follows a recent New York Times report on Devumi, a company engaged in such practices. Devumi's bots often steal identities, using the photos and personal information of real people, some of whom are minors. The Senators called these practices a "unique kind of social identity theft" that "have the effect of distorting the online marketplace and creating a false sense of celebrity, credibility, or importance in people, companies, or institutions that may not deserve it." The practice also violates state privacy laws concerning "the right of publicity," which EPIC has defended.

February 2, 2018

EPIC Challenges Facebook Privacy Settlement

EPIC has filed an amicus brief with a federal appeals court urging the court to reject a proposed class action settlement over Facebook's practice of scanning private messages. EPIC challenged the settlement because it did not require Facebook to stop scanning private messages. In fact, the company can continue scanning messages by simply burying a notice on its website. Also, there was no compensation to Internet users for the prior violation of federal and state laws. EPIC is dedicated to class action fairness in privacy cases and has objected to many similar settlements that failed to provide actual benefits to Internet users. EPIC recently opposed a settlement with Google that allows the company to continue tracking web users. EPIC also opposed a settlement with Facebook in 2014 that allowed the company to continue an unlawful practice.

February 5, 2018

EPIC Pursues Trump's IRS Records, Contradictory Statements about Financial Ties to Russia

EPIC has filed a new Freedom of Information Act request with the IRS, seeking tax-related records for President Trump's businesses. The new EPIC request follows EPIC's pending lawsuit for the release of Trump's personal tax returns. The request seeks the release of tax records concerning settlements with the IRS, which the agency is required to disclose to the public upon request. EPIC previously called on the IRS to release the President's tax returns to correct misstatements of fact about his financial ties to Russia. President Trump tweeted "I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by the President's lawyers. EPIC v. IRS, which is now before the D.C. Circuit Court of Appeals, is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election. EPIC is also litigating EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity).

EPIC Advises Congress on Uber Data Breach, Bug Bounties

EPIC submitted a statement to the Senate in advance of a hearing to examine the October 2016 Uber breach and the value of bug bounty programs. Last fall, Uber admitted that hackers stole the data of 57 million Uber customers and drivers and that the company paid the hackers $100,000 to delete the data. This has raised legal questions about Uber's failure to notify those affected by the breach and about "bug bounty" programs, where companies pay hackers that bring vulnerabilities to their attention. EPIC explained to the Senate that, "bug bounty programs do not excuse non-compliance with data breach notification laws." EPIC's 2015 complaint with the FTC regarding Uber's abuse of personal data led to an FTC settlement in August, 2017. EPIC has also proposed a privacy law for Uber and other similar transportation companies.

February 6, 2018

EPIC Urges Senate to Investigate Mulvaney’s Failure to Pursue Equifax Probe

According to recent reports, the Consumer Financial Protection Bureau has shut down the investigation of the 2017 Equifax data breach that exposed the personal data of 145.5 million Americans. CFPB Acting Director Mulvaney failed to seek subpoenas or obtain sworn testimony from Equifax executives. Mr. Mulvaney also ended plans to test Equifax’s security systems, and rejected offers from regulators to assist with the investigation. EPIC urged the Senate Banking Committee to investigate, stating: “If the reports are accurate, Director Mulvaney’s failure to pursue a thorough investigation of the Equifax matter verges on malfeasance.” Last fall, EPIC President Marc Rotenberg testified at a Senate hearing on the Equifax breach. EPIC described the data breach as one of the worst in U.S. history. EPIC’s Christine Bannan also proposed steps to strengthen data protection safeguards for American consumers.

Continue reading "EPIC Urges Senate to Investigate Mulvaney’s Failure to Pursue Equifax Probe" »

February 7, 2018

EPIC Files FOIA Request About Mulvaney's Decision to Halt CFPB Equifax Investigation

EPIC has filed an urgent Freedom of Information Act request for records about Acting Director Mulvaney's decision to shut down the CFPB investigation of Equifax. The 2017 data breach, likely undertaken by a foreign adversary, compromised the personal data of 143 million Americans. Last year CFPB warned that US servicemembers were at particular risk as a result of the Equifax breach. EPIC is seeking communication between Mulvaney and Equifax officials, as well as records of meetings and any related memos regarding the decision to close the investigation. In a letter to the Senate Banking Committee yesterday, EPIC recommended that the Committee undertake a thorough investigation of the CFPB's recent decision regarding the investigation.

February 8, 2018

Following EPIC Letter, 31 Senators Demand Answers from CFPB on Equifax Investigation

A group of 31 Senators wrote to Acting Director Leandra English and Director Mick Mulvaney of the Consumer Financial Protection Bureau about the agency's failure to pursue the probe of the 2017 Equifax breach. The Senators wrote that "the CFPB has a clear duty to supervise consumer reporting agencies, investigate how this breach has or will harm consumers, and bring enforcement actions as necessary." Earlier this week, EPIC urged the Senate Banking Committee to investigate the CFPB. EPIC also filed a FOIA request seeking records about Mulvaney's decision to halt the CFPB's Equifax investigation.

February 9, 2018

EPIC Joins Call for Increased Oversight of Intelligence Agencies

EPIC and other leading open government organizations urged Congress to promote transparency and accountability of the Intelligence agencies. The groups called for the release of annual public reports, all significant opinions by the Foreign Intelligence Surveillance Court, and an accounting on the number of Americans subject tp foreign intelligence surveillance. EPIC previously called on lawmakers to require federal agencies to obtain a warrant before searching information about Americans in foreign intelligence databases. Through a Freedom of Information Act lawsuit, EPIC obtained a report detailing the FBI's failure to follow procedures regarding the use of foreign intelligence data for a domestic criminal investigation. EPIC has also testified in Congress on reforms to the Foreign Intelligence Surveillance Act.

EPIC Files FOIA Request About DHS's Investigation of Voter Fraud

EPIC filed a Freedom of Information Act request to the Department of Homeland Security seeking records about DHS's investigation of state voter fraud. Since the termination of the Presidential Advisory Commission on Election Integrity, President Trump suggested that the DHS investigate voter fraud, which falls outside the agency's jurisdiction. The agency has stated that its top priority is securing election systems from cyberattacks. This week, the DHS admitted that Russian hackers successfully penetrated election systems in the 2016 Presidential Election. EPIC had earlier submitted a statement to Congress seeking assurances that DHS will not continue the work of the disbanded Commission.

February 12, 2018

EPIC FOIA: IRS Agrees to Fulfill EPIC's Request for Trump Tax Records

The IRS acknowledged that it will fulfill EPIC's FOIA request seeking certain tax records of President Trump and the President's businesses. It marks the first time, to EPIC's knowledge, that the IRS has agreed to process a third-party FOIA request for the President's tax information. EPIC is seeking tax records relating to settlements with the IRS, which the agency is required to disclose to the public upon request. EPIC previously sued the IRS for the release of the President's personal tax returns to correct misstatements of fact about his financial ties to Russia. President Trump tweeted "I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by the President's own lawyers. That case, EPIC v. IRS, is now before the D.C. Circuit Court of Appeals. EPIC is litigating several other FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity).

In Congressional Testimony, EPIC to Call For Comprehensive Privacy Law, New Privacy Agency

EPIC President Marc Rotenberg will testify before the House Financial Services Committee this week. Rotenberg will say that "Data breaches pose enormous challenges to the security of American families, as well as our country's national security." EPIC will call for comprehensive data protection legislation and the creation of a federal data protection agency. EPIC also challenged the decision of the CFPB Director to drop the investigation into the Equifax data breach. EPIC has repeatedly urged Congress to address the data protection crisis in the United States, warning that it endangers national security and international trade. Last year EPIC testified before the Senate in the wake of the Equifax breach, emphasizing the growing risks to American consumers.

February 13, 2018

Senators Question Intelligence Officials on Russian Election Interference

The Senate Intelligence Committee held a hearing today with top officials from all U.S. intelligence agencies: Office of the Director of National Intelligence, CIA, NSA, Defense Intelligence Agency, FBI, and the National Geospatial-Intelligence Agency. The officials unanimously agreed that Russia interfered in the 2016 election and will interfere in the 2018 election, noting that they have already observed attempts to influence upcoming elections. Director of National Intelligence Dan Coats said: "There should be no doubt that Russia perceived that its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations." EPIC launched the Project on Democracy and Cybersecurity, after the 2016 presidential election, to safeguard democratic institutions. EPIC is currently pursuing several FOIA cases concerning Russian interference, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). EPIC also provided comments to the Federal Election Commission to improve transparency of election advertising on social media.

EPIC Offers Recommendations for Future of FTC Ahead of Senate Hearing on Nominees

In advance of a Senate hearing on four nominees to the Federal Trade Commission, EPIC recommended 10 steps for the FTC to safeguard American consumers. EPIC explained that the FTC's failure to address the data protection crisis has contributed to unprecedented levels of data breach and identity theft in the United States. EPIC helped establish the FTC's authority for consumer privacy and has urged the FTC to safeguard American consumers in cases involving Microsoft, Google, Facebook, Uber, Samsung and others. EPIC also filed a lawsuit against the FTC when it failed to enforce a consent order against Google.

February 14, 2018

Congressional Task Force Releases Report on Election Security

The Congressional Task Force on Election Security today released its final report detailing vulnerabilities in U.S. election systems. The report includes many recommendations, purchasing voting systems with paper ballots, post-election audits, and funding for IT support. The report also proposes a national strategy to counter efforts to undermine democratic institutions. Election experts have said that Congress has not done enough to safeguard the mid-term elections. In early 2017, EPIC launched the Project on Democracy and Cybersecurity. EPIC is currently pursuing several FOIA cases concerning Russian interference with the 2016 election, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity).

February 16, 2018

Mueller Indicts Russian Nationals, Entities for Election Interference

Special Counsel Robert Mueller has indicted thirteen Russian nationals and three Russian entities for interfering in the 2016 U.S. presidential election. "Beginning as early as 2014" the defendants began operations "to interfere with the U.S. political system" and "sow discord," the indictment explains. They also posed as U.S. persons online, reaching "significant numbers of Americans" on social media. EPIC first sought details of the Russians' "multifaceted" influence campaign in January 2017, pursuing release of the complete Intelligence Community assessment on Russian meddling. EPIC President Marc Rotenberg recently highlighted the role of the Russian Internet Research Agency, named in the Mueller indictment, explaining, "Facebook sold advertising to Russian troll farms working to undermine the American political process." EPIC launched a new project on Democracy an Cybersecurity in early 2017 to help preserve democratic institutions.

House Draft Data Security Bill Preempts Stronger State Safeguards

Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the "Data Acquisition and Technology Accountability and Security Act," that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General would both be responsible for enforcing the law. The law would only trigger liability if the personal data breached is "reasonably likely to result in identity theft, fraud, or economic loss" and would preempt stronger state data breach laws. Earlier this week, EPIC President Marc Rotenberg testified before the House, calling for comprehensive data privacy legislation that would preserve stronger state laws. Last fall, EPIC testified at a Senate hearing on the Equifax breach, calling it one of the worst in U.S. history.

February 20, 2018

Supreme Court Leaves Data Breach Decision In Place

The Supreme Court has denied a petition for a writ of certiorari in Carefirst, Inc. v. Attias, a case concerning standing to sue in data breach cases. Consumers had sued health insurer Carefirst after faulty security practices allowed hackers to obtain 1.1 million customer records. EPIC filed an amicus brief backing the consumers, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches." The federal appeals court agreed with EPIC and held that consumers may sue companies that fail to safeguard their personal data. Carefirst appealed the decision, but the Supreme Court chose not to take the case. EPIC regularly files amicus briefs defending standing in consumer privacy cases, most recently in Eichenberger v. ESPN, where the Ninth Circuit also held for consumers, as well as Gubala v. Time Warner Cable and In re SuperValu Customer Data Security Breach Litigation.

EPIC Amicus: Supreme Court to Hear Arguments in Wiretap Act Case

The Supreme Court will hear arguments this week in Dahda v. United States, a case concerning the federal Wiretap Act and the suppression of evidence obtained following an invalid wiretap order. The Wiretap Act requires exclusion of evidence obtained as a result of an invalid order, but a lower court denied suppression in the case even though the order was unlawfully broad. In an amicus brief, EPIC wrote that "it is not for the courts to create textual exceptions" to federal privacy laws. EPIC explained that Congress enacted strict and unambiguous privacy provisions in the Wiretap Act. "If the government wishes a different outcome," EPIC wrote, "then it should go to Congress to revise the statute." EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Byrd v. United States (suspicionless searches of rental cars) and Carpenter v. United States (warrantless searches of cellphone location records).

February 21, 2018

Republican DACA Bill Would Expand Use of Drones, Biometrics

The Secure and Succeed Act (S. Amdt. 1959 to H.R. 2579), sponsored by several Republican Senators, would link DACA with hi-tech border surveillance. Customs and Border Protection would use facial recognition and other biometric technologies to inspect travelers, both US citizens and non-citizens, at airports. The bill also establishes "Operation Phalanx" that instructs the Department of Defense—a military agency—to use drones for domestic surveillance. EPIC has pursued many FOIA cases on border surveillance involving biometrics, drones, and airport body scanners, In a statement to Congress, EPIC warned that "many of the techniques that are proposed to enhance border surveillance have direct implications for the privacy of American citizens."

February 22, 2018

EPIC v. IRS: EPIC Urges D.C. Circuit to Green-Light Release of President Trump's Tax Returns

EPIC has filed the opening brief in its case to obtain President Trump's tax returns. EPIC told the D.C. Circuit Court of Appeals that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." A Quinnipiac poll released today confirms that public overwhelmingly supports (67%) the release of the President's returns. As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election, including EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity). Press Release.

February 26, 2018

Court of Appeals Restores FTC's Authority Over "Common Carriers"

The Ninth Circuit Court of Appeals has ruled in FTC v. AT&T that the Federal Trade Commission can regulate telephone and internet companies, reversing an earlier decision by a three-judge panel that stripped the FTC of its authority over "common carriers." The full Ninth Circuit held that the common carrier exemption to the FTC Act is activity-based, not status-based. This means that the FTC can regulate AT&T's data-throttling practices. The Ninth Circuit reached the result that EPIC and a coalition of consumer advocates had urged in a friend-of-the-court brief. EPIC also vigorously defended the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards" in an amicus brief in FTC v. Wyndham.

EPIC Urges Congress to Suspend Facial Recognition At US Airports

EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing use of facial recognition that capture the images of US travelers. EPIC also pointed to a recent study that found racial disparities with the technique. EPIC previously pursued a significant lawsuit against the TSA that led to the removal of x-ray body scanners from US airports. EPIC is currently seeking records from Customs and Border Protection concerning the accuracy of facial recognition.

February 27, 2018

Court Rules that Users have Standing to Sue Facebook about Facial Recognition

The Northern District of California has ruled that Facebook users have standing to pursue a class action challenging Facebook's use of facial recognition software. The court said that the Illinois Biometric Information Privacy Act requires plaintiffs only to show that Facebook has unlawfully collected their biometric data without their consent. Facebook sought to dismiss the suit by arguing that the Supreme Court's decision in Spokeo v. Robins required the plaintiffs to show additional harm. EPIC submitted a friend-of-the-court brief in Spokeo, arguing that courts should not second-guess privacy laws. The Ninth Circuit Court of Appeals recently agreed with EPIC that internet users have standing when a company has disclosed their personal information in violation of the Video Privacy Protection Act.

EPIC Presses Department of Defense on Privacy of Cyber Threat Information

In a statement to Congress in advance of a hearing on the Department of Defense's cyber operations, EPIC urged lawmakers to consider the privacy impact of cyber policies. The Cybersecurity Information Sharing Act of 2015 allowed the federal government to obtain cyber threat information from the private sector—much of which concerns the activities of individual Internet users—without privacy safeguards. EPIC urged Congress to ask Michael Rogers, the Commander of U.S. Cyber Command, about the steps the Defense Department will take to reduce privacy risks. EPIC previously sued the federal government for information regarding a Department of Homeland Security program that allowed the NSA to monitor the Internet traffic of defense contractors.

February 28, 2018

Axios Poll: Public Wants Big Tech Regulated

A new Axios-SurveyMonkey poll found that 55% of Americans believe the government should do more to regulate tech companies such as Google and Facebook. The poll showed bipartisan support for increased regulation, with 45% of Republicans, 64% of Democrats, and 57% of Independents saying they are "more concerned" that the government will not go far enough to regulate tech. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger laws to protect their privacy. EPIC has also opposed mergers that threaten consumer privacy, including Facebook's acquisition of WhatsApp, Google's acquisition of DoubleClick, and Google's acquisition of Nest Labs.

EPIC Amicus: Supreme Court Divided Over Microsoft Stored Communications Case

This week, the Supreme Court heard arguments in United States v. Microsoft Corps., a case concerning law enforcement access to personal data stored in Ireland. The Court appeared divided during the argument, but both Justice Ginsburg and Justice Alito appeared to agree that Congress and not the Court was better positioned to find a solution. In an amicus brief, EPIC urged the Supreme Court to respect international privacy standards. EPIC wrote, the "Supreme Court should not authorize searches in foreign jurisdictions that violate international human rights norms." EPIC cited important cases from the European Court of Human Rights and the European Court of Justice. EPIC warned that "a ruling for the government would also invite other countries to disregard sovereign authority." EPIC has long supported international standards for privacy protection, and EPIC has urged U.S. ratification of the Council of Europe Privacy Convention. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Carpenter v. United States (privacy of cellphone data), Byrd v. United States (searches of rental cars), and Dahda v. United States (wiretapping).

About February 2018

This page contains all entries posted to epic.org in February 2018. They are listed from oldest to newest.

January 2018 is the previous archive.

March 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.