« June 2018 | Main | August 2018 »

July 2018 Archives

July 2, 2018

Facebook's Response to Congress Provides More Evidence of Consent Order Violations

Late Friday afternoon, Facebook submitted over 700 pages of responses to questions from members of Congress following Mark Zuckerberg's testimony in April. Facebook has now admitted that it provided developers and device makers access to personal data despite publicly stating that it had discontinued the practice. In April EPIC submitted a detailed letter to Congress, explaining that the Cambridge Analytica breach could have been avoided if the FTC had enforced the 2011 Consent Order. That Consent Order was the result of extensive complaints EPIC and consumer organizations filed with the FTC in 2009 and 2010. In March, the Acting Director of the FTC stated "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."

FTC Announces Another Privacy Settlement, But Again Imposes No Penalties

The FTC announced today that it settled charges with ReadyTech, a California company, for misrepresenting compliance with Privacy Shield, a self-certification arrangement that allows US companies to obtain the personal data of Europeans. The FTC settlement prohibits the company from making future misrepresentations about Privacy Shield compliance, but imposes no penalties and provides no remedy to European consumers whose personal data was wrongfully obtained. Last year, the FTC settled charges with three companies that misrepresented their participation in Privacy Shield, but similarly failed to impose penalties. The European Parliament's Civil Liberties Committee ("LIBE") recently passed a resolution stating that Privacy Shield does not protect European consumers, and called for its suspension if the U.S. does not comply by September 1, 2018. LIBE specifically called attention to the Cambridge Analytica breach of 87 million Facebook users. In March, EPIC told the FTC that the Cambridge Analytica breach could have been prevented if the FTC had enforced its 2011 Consent Order with Facebook.

July 3, 2018

EPIC, Scientific Societies Call for Public Input on U.S. Artificial Intelligence Policy

In a petition to the Office of Science and Technology Policy, EPIC, leading scientific organizations, including AAAS, ACM and IEEE, and nearly 100 experts urged the White House to solicit public comments on artificial intelligence policy. The Open AI Policy petition follows a White House summit on "AI and American Industry" that was closed to the public and ignored issues such as privacy, accountability, and fairness. EPIC has filed a Freedom of Information Act request seeking records about the establishment of the Select Committee. In advance of a recent hearing on Artificial Intelligence, EPIC also told the House Science Committee that Congress must implement oversight mechanisms for the use of AI by federal agencies. In 2014, EPIC led a similar petition drive for a White House initiative on Big Data.

July 5, 2018

Senate Committee Confirms 2016 Russian Cyberattack on Democratic Institutions

A report from the Senate Select Committee on Intelligence has confirmed the 2017 assessment from the Intelligence Community on Russian interference with the 2016 election. The Intelligence report stated "Russia's goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump." Senate Committee Chair Richard Burr (R-NC) said "the Committee has spent the last 16 months reviewing the sources, tradecraft and analytic work underpinning the Intelligence Community Assessment and sees no reason to dispute the conclusions," The Senate Report also stated, "the Committee's investigation has exposed a far more extensive Russian effort to manipulate social media outlets to sow discord and to interfere in the 2016 election and American society" than the Intelligence Community assessment reported. EPIC pursued a FOIA lawsuit, EPIC v. ODNI, to obtain public release of the complete Intelligence report. In 2017, EPIC launched a new project on Democracy and Cybersecurity to focus attention on new threats to democratic institutions.

European Parliament: 'Privacy Shield' Does Not Protect Privacy, Calls for Suspension

The European Parliament has called for the suspension of the "Privacy Shield" if the U.S. does not comply in full by September 1, 2018. The resolution states that the pact, which permits US companies to obtain the personal data of European, does not protect privacy. The Parliament cited numerous problems, including the Cambridge Analytica breach of 87 million Facebook users data, the reauthorization of FISA Section 702, the failure to appoint members to the PCLOB, and passage of the CLOUD Act, which permits US law enforcement agencies to access personal data stored in Europe. The vote of the full Parliament follows an earlier statement from the civil liberties "LIBE" committee. EPIC highlighted many of the same concerns in recent comments. EPIC also told the FTC that the Cambridge Analytica breach could have been prevented if the FTC had enforced its 2011 Consent Order with Facebook. The European Commission, the EU body in charge of the Shield, must now decide how to respond.

EPIC to Irish Data Protection Commission: Privacy Assessments Require Algorithmic Transparency

In comments to the Irish Data Protection Commission, EPIC proposed guidance for Data Protection Impact Assessments. The EU General Data Protection Regulation requires organizations to carefully assess the collection and use of personal data. EPIC explained that Data Protection Impact Assessments require the disclosure of the reason for the processing of personal data. EPIC also urged the Irish Privacy Commission to protect individuals against profiling and tracking by minimizing the collection of sensitive data. EPIC supports "Algorithmic Transparency" and brought FTC consumer complaints to promote accountability over secret algorithms. EPIC has also advised the UK Information Commissioner's Office on Data Protection Impact Assessments and GDPR implementation.

EPIC, Coalition Call for Human Rights Protections in Cybercrime Convention Update

EPIC and a coalition of civil society organizations urged the Council of Europe to include robust human rights protections in the proposed revision to the Convention on Cybercrime. Otherwise, the updates could enable "a race to the bottom for protection," the coalition warned. The groups opposed the CLOUD Act model for law enforcement access to data in foreign jurisdictions, calling instead for robust transparency and accountability requirements. The human rights groups also urged widespread ratification of the International Privacy Convention 108. EPIC and US consumer rights groups have long campaigned for United States ratification of Convention 108.

EPIC Urges Illinois Supreme Court to Uphold Strict Limits on Biometric Data Collection

EPIC has filed an amicus brief with the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp, about the collection of a child's biometric data in violation of the Illinois Biometric Information Privacy Act. EPIC explained that the Illinois biometric law "imposes clear responsibilities on companies that collect biometric identifiers" and said the company had failed to comply with the state law. EPIC made clear that "collection is the threshold safeguard in privacy law" and if corresponding provisions are "not enforced, the statute’s subsequent provisions are of little consequence." EPIC first identified the risk of collecting biometric data from children entering amusement parks in a 2005 report "Theme Parks and Your Privacy." The state of Illinois adopted the nation's first biometric privacy law in 2008. EPIC has long advocated for strict limits on use of biometric data. EPIC also routinely submits amicus briefs, including in the recent OPM data breach case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.

July 10, 2018

Congress Asks Google, Apple About Smartphone Data Collection

Members of the House Energy and Commerce Committee have sent letters to Apple CEO Tim Cook and Alphabet CEO Larry Page seeking information about the data collection capabilities of smartphones. Prompted by recent privacy scandals, the representatives asked Google and Apple whether their devices track users' location even when location services are disabled or record users' private conversations without a "trigger" word. The issue of smartphones and privacy has generated widespread attention following the Supreme Court's landmark ruling in Carpenter v. U.S. that the Fourth Amendment protects location records generated by mobile phones. EPIC recently advised Congress to strengthen privacy protections for mobile location data in response to the Supreme Court's ruling.

Privacy Concerns Raised with Kavanaugh Nomination to Supreme Court

President Trump's nomination of Judge Brett M. Kavanaugh to the Supreme Court has raised concerns about the future of privacy and Constitutional protections against government surveillance. As a judge on the D.C. Circuit Court of Appeals, Kavanaugh upheld the warrantless, widespread, and suspicionless collection of call records of Americans. Kavanaugh, authoring an opinion where none was expected, wrote that the mass surveillance program "is entirely consistent with the Fourth Amendment." Kavanaugh further stated that even if the search triggered constitutional concerns, it "fit comfortably" in the special needs exception to the Fourth Amendment. "Critical national security need outweighs the impact on privacy occasioned by the program," wrote Kavanaugh. Congress subsequently determined that the data collection activity was overly broad and terminated the program. EPIC will ask the Senate Judiciary Committee to question Kavanaugh on a wide range of privacy, First Amendment, open government, and consumer protection issues. EPIC has submitted similar statements to the Judiciary Committee for the hearings on Justice Gorsuch, Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts.

EPIC to Congress: Warrant Should be Required for Searches of Phones at Border

In advance of a hearing on "Examining Warrantless Smartphone Searches at the Border," EPIC has sent a statement to the Senate urging a warrant requirement for searches of electronic devices at the border. EPIC recently filed a Freedom of Information Act lawsuit against Immigration and Customs Enforcement for details of the agency's warrantless searches of mobile devices. ICE has contracts with Cellebrite to extract data from mobile devices, including personal data stored in cloud-based accounts, without judicial authority. Privacy complaints regarding the search of mobile devices at the border continue to increase. Senator Patrick Leahy (D-VT) and Senator Steve Daines (R-MT) have introduced S. 2386, legislation to restrict border searches of cellphones. EPIC Advisory Board member Professor Laura Donohue will testify at the hearing.

EPIC Advises Congress to Protect Consumer Call Records

In advance of the hearing "Protecting Customer Proprietary Network Information in the Internet Age," EPIC urged Congress to protect the privacy of users of third-party apps, such as WhatsApp and Google Voice. The Telecommunications Act of 1996 protects the privacy of "CPNI" — phone numbers dialed, date and time of calls — but this safeguard does not cover internet-based calls. EPIC told Congress that CPNI privacy rules should apply to both telecommunications companies and Internet firms. In 2005, EPIC filed the original FCC petition to extend CPNI privacy protections. EPIC also proposed uniform privacy standards for telecommunications firms and information service providers in the 2016 FCC Privacy Order.

July 11, 2018

UK Data Watchdog Fines Facebook Maximum £500,000 for Cambridge Analytica Breach

The Information Commissioner's Office, the lead agency for data protection in England, has issued the maximum £500,000 fine on Facebook for failing to secure user data from Cambridge Analytica. ICO investigations found that Cambridge Analytica harvested 87 million Facebook users' personal data to target ads for political purposes, and that Facebook did not compel the deletion of this data to prevent further misuses. Facebook was charged with two violations of the UK Data Protection Act 1998: "failing to safeguard people's information [and] failing to be transparent about how people's data was harvested by others and why they might be targeted by a political party or campaign." ICO also told other companies that served online political ads during the EU Brexit Referendum to stop processing UK citizens' data. In March and April, EPIC told the FTC and Congress that the Cambridge Analytica breach could have been prevented if the FTC had enforced the 2011 Consent Order with Facebook. The FTC is currently investigating Facebook but has never imposed any fines against the company.

EPIC to Congress: Declassified Russian Meddling Report Should be Released

In advance of a joint Committee hearing on "Oversight of FBI and DOJ Actions Surrounding the 2016 Election," EPIC has sent a statement to the House Judiciary and House Oversight Committees urging the release of the complete declassified Intelligence Community report on Russian interference in the 2016 U.S. Presidential Election. EPIC pursued a FOIA lawsuit, EPIC v. ODNI, to obtain public release of the complete Intelligence report, and a federal court ruled that ODNI could withhold the document from public release. However, a recent report from the Senate Select Committee on Intelligence confirmed the 2017 assessment from the Intelligence Community. The Intelligence report stated "Russia's goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump." EPIC argued that, in light of this report, the public has a right to know the Intelligence Community's findings. In 2017, EPIC launched a new project on Democracy and Cybersecurity to focus attention on new threats to democratic institutions.

July 12, 2018

EPIC to European Data Protection Board: GDPR Certifications Should Uphold Rights Above Privacy Seals

In the first public consultation held by the European Data Protection Board, EPIC proposed a rights-based certification criteria for the General Data Protection Regulation. The Data Protection Board is now the lead privacy agency in Europe. EPIC explained the risks of self-regulatory certification mechanisms, pointing to TRUSTe and the Facebook audits obtained by EPIC that wrongly certified Facebook's compliance with the 2011 FTC Consent Order. EPIC said, certification mechanisms "must be developed by national DPAs and implemented in conformity with the fundamental principles and rights of the GDPR." EPIC has also advised the UK Information Commissioner's Office and the Irish Data Protection Commissioner on GDPR enforcement.

EPIC Joins Coalition Urging Congress to Investigate Destruction of Records on Family Separation

EPIC and a coalition of organizations sent a letter to Congress urging an investigation of the Department of Homeland Security's records management practices. The concern follows the administration's "zero-tolerance" immigration enforcement policy and family unification efforts. Recent reports indicate that border agents are improperly destroying records of the separated families, making it difficult to reestablish family connections. "The purposeful deletion of records by border agents would be a clear violation of the [Federal Records Act], with dire humanitarian consequences," the group stated. The letter also encouraged Congress to ensure DHS is fulfilling its transparency obligations by making its policy guidances available to the public. EPIC has previously warned the Senate about the misuse of immigrant data by the DHS.

July 13, 2018

Federal Court Upholds Regulations for Drone Hobbyists

In a companion case to EPIC v. FAA, the D.C. Circuit ruled in Taylor v. FAA that the regulations for drones operated by hobbyists are within the agency's statutory authority. The D.C. Circuit previously ruled that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. The D.C. Circuit declined to reach the merits of EPIC's challenge. The FAA is expected to issue rules later this year that will require drones to identify themselves with radio beacons, as EPIC had previously urged.

EPIC Asks FTC and EDPB to Suspend Transfer of Facebook User Data to Social Science One

EPIC has sent a letter to the Federal Trade Commission and the European Data Protection Board urging the suspension of a proposed study that will disclose user data to third parties without their consent. EPIC warned that the Social Science One project transfer likely violates the GDPR, as well as the FTC's 2011 Consent Order with Facebook, which bars Facebook from disclosing data to third parties without users' affirmative consent. The FTC announced in April that Facebook is under investigation over the transfer of personal data to Cambridge Analytica, a research organization affiliated with a prestigious university. In 2012, Facebook conducted a psychological experiment on its users by secretly manipulating their news feeds to examine the effects of social media on user emotions. The study was suspended after objections from EPIC, professional societies, and others. The Guardian reported that the "lack of 'informed consent' means that Facebook experiment on nearly 700,000 news feeds broke rules on tests on human subjects."

Special Counsel: Russian Intelligence Stole Data on 500,000 Voters

Russian intelligence officers hacked the website of a political organization in 2016 and stole personal data on more than 500,000 voters, according to a new indictment from the Special Counsel's Office. The stolen data included "names, addresses, partial social security numbers, dates of birth and driver's license numbers." In January 2017, EPIC sued the FBI for information about the agency's failure to respond to foreign cyber attacks on the DNC and the RNC. EPIC eventually obtained the victim notification procedures that would have applied during the 2016 Presidential election, but which the FBI failed to follow. Almost 18 months have passed since the filing of EPIC v. FBI and the first criminal indictments.

July 16, 2018

EPIC Urges Supreme Court to Protect Internet Users in Controversial Class Action Settlement

EPIC has filed an amicus brief in Frank v. Gaos, concerning a class action settlement that provided no benefit to Internet users and no change in the business practices of defendant Google. EPIC said the settlement was not "fair, reasonable, and adequate." The case involves Google's disclosure of Internet user search histories to third parties without user consent, a business practice that could violate federal and state privacy law. EPIC stated, "The proposed settlement is bad for consumers and does nothing to change Google's business practices." A federal appeals court narrowly approved that settlement, 2-1, with the dissenting judge warning that courts must be on the lookout "not only for explicit collusion, but also for more subtle signs that class counsel have allowed pursuit of their own self-interests." EPIC said that, "cy pres requires vigilant judicial oversight to guard against the risks of collusion and ensure that judges are not rubber-stamping settlements that pay attorneys while failing to benefit class members." EPIC and several consumer privacy organization objected to the original settlement on three separate occasions. EPIC routinely opposes class action settlements that fail to provided a benefit to Internet users.

EPIC To Congress: Require Algorithmic Transparency For Dominant Internet Firms

In advance of a hearing on Filtering Practices of Social Media Companies, EPIC has sent a statement to the House Judiciary Committee. EPIC said that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. In 2011, EPIC sent a letter to the FTC stating that Google's acquisition of YouTube led to a skewing of search results after Google substituted its secret "relevance" ranking for the original objective ranking, based on hits and ratings. The FTC took no action on EPIC's complaint. But last year, after a seven year investigation, the European Commission found that Google rigged search results to give preference to its own shopping service. The Commission required Google to change its algorithm to rank its own shopping comparison the same way it ranks its competitors.

EPIC Urges FAA to Make Drone Committee Meetings Accessible to the Public

EPIC wrote to FAA Acting Administrator Daniel K. Elwell today to request that the agency livestream the FAA Drone Advisory Committee meeting that takes place tomorrow in Santa Clara. Earlier this year, EPIC filed suit against the Drone Committee, alleging that it had conducted much of its work in secret and ignored the privacy risks posed by the deployment of drones. As EPIC explained in the request for public streaming, “the FAA’s Drone Advisory Committee plays a key role in setting public policy on drone deployment for the United States, yet the public is largely excluded from this process. This secrecy is of particular concern given ongoing public concerns about the deployment of drones in the United States.”

July 17, 2018

For House Hearing, EPIC Urges FTC to Unwind WhatsApp Deal, Enforce Facebook Consent Order

EPIC has sent a statement to the House Energy and Commerce Committee in advance of a hearing on “Oversight of the Federal Trade Commission.” EPIC told the Committee to urge the new FTC leadership to enforce the Facebook Consent Order and unwind the Facebook-WhatsApp merger As EPIC previously told Congress, the Cambridge Analytica breach could have been avoided if the FTC had enforced its 2011 Consent Order against Facebook. That Order was the result of detailed complaints filed by EPIC and consumer privacy organizations in 2009 and 2010. In 2014, EPIC and the Center for Digital Democracy urged the FTC to block Facebook’s acquisition of WhatsApp unless appropriate privacy safeguards were put in place. In 2016, EPIC and CDD filed a second complaint after Facebook broke its privacy promises and began collecting WhatsApp users' data.

July 18, 2018

FTC Chair Seeks New Privacy and Data Security Authority

In testimony this morning before the House Energy and Commerce Committee, new Federal Trade Commission Chairman Joseph Simons said the FTC needs greater authority to protect consumers. Simons asserted that privacy and data security are now the top priority for the FTC, and signaled his support for data protection legislation that would accomplish three things: (1) provide civil penalties for companies that violated the law, (2) give the FTC jurisdiction over nonprofits and common carriers, and (3) provide the FTC with rulemaking authority for privacy and data security. EPIC submitted a statement prior to today's hearing emphasizing that the FTC must conclude its investigation of Facebook and issue a fine for its violations of the 2011 Consent Order and unwind the Facebook-WhatsApp deal.

July 19, 2018

Presidential Commission to Delete State Voter Data Wrongfully Obtained

EPIC and a coalition of groups gave the White House the final go-ahead today to destroy the state voter data unlawfully collected by the Presidential Election Commission. In a notice to the federal court overseeing EPIC v. Commission, EPIC and the other groups that sued the Commission said that the White House should delete the data as it stated earlier it would. The deletion of the voter data is the outcome EPIC sought in EPIC v. Commission, which challenged the Commission for failing to conduct a required Privacy Impact Assessment before collecting personal data. As a result of EPIC's case, the Commission previously suspended its data collection, discontinued the use of an unsafe computer server, and deleted a prior batch of voter information that was illegally obtained. The Commission was disbanded in January.

Justice Department Releases 2018 FOIA Report

Today the Department of Justice released a summary and assessment of federal agencies' Chief FOIA Officer Reports. The annual FOIA Report provides a detailed assessment of FOIA processing across the federal government. The summary tracks the Department's FOIA Guidelines: Applying the Presumption of Openness, Having Effective Systems for Responding to Requests, Making Information Available Proactively, Utilizing Technology, and Reducing Backlogs and Improving Timeliness. The guidance offers methods to manage these backlogs, guidance on closing oldest consultations, and recommending that agencies post raw data from the annual FOIA reports. EPIC pursues an extensive FOIA docket.

Bot Disclosure Act Would Promote Identification, Accountability

Sen. Dianne Feinstein (D-Calif.) has introduced S. 3127, the Bot Disclosure and Accountability Act of 2018. The bill directs the FTC to create a rule to require social media companies to disclose any social media bots on their platform. The bill also prohibits candidates and political parties from using bots. "This bill is designed to help respond to Russia's efforts to interfere in U.S. elections through the use of social media bots, which spread divisive propaganda," Feinstein said. Earlier this week, EPIC sent a statement to the House Judiciary Committee arguing that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. EPIC has also recommended identification requirements for drones.

July 20, 2018

EPIC FOIA: EPIC Obtains CBP Drone Operations and Privacy Directive

Through a Freedom of Information Act lawsuit, EPIC obtained Customs and Border Protection's directive on Unmanned Aircraft System Operations and Privacy. The directive allows the agency to disseminate information collected through drone operations with federal, state, local, tribal, and foreign law enforcement agencies. EPIC's FOIA request stems from 2015 Presidential Memorandum that requires all federal agencies to develop and publish policies and procedures that address the privacy, civil liberties, and civil right issues posed by the use of drones. EPIC recently sent a statement to the Senate Committee on Homeland Security and Government Affairs, urging the Committee to not consider a S. 2836, Preventing Emerging Threats Act of 2018: Countering Malicious Drones, until all federal agencies establish drone privacy procedures.

July 24, 2018

EPIC Urges House Committee to Push FCC on Comprehensive Privacy Plan

EPIC has sent a statement to the House Commerce Committee for a hearing on the Federal Communications Commission. EPIC urged the Committee to push the FCC to develop a comprehensive plan for online privacy. EPIC also asked the Committee to press the nominees to repeal a FCC regulation that requires the retention of telephone customer records for 18 months. EPIC filed a petition urging the repeal of this mandate more than two years ago and the FCC recently docketed the petition for public comment. Every comment received by the FCC favored the EPIC petition to end the data retention mandate. EPIC has submitted multiple comments to the FCC for strong online privacy protections.

July 25, 2018

EPIC Urges Suspension of Biometric Entry/Exit Program

In comments to Customs and Border Protection, EPIC urged the agency to suspend the Biometric Entry/Exit Program. EPIC argued that less privacy-invasive alternatives should be considered and that the program should not move forward until Congress has passed regulations implementing safeguards for the use of biometrics. CBP solicited comments about the collection of biometrics, based on facial recognition, from people in vehicles crossing the border. EPIC said that such an expansion could quickly lead to a program of mass surveillance. In EPIC v. CBP, EPIC has sued the agency for details about the program. A report EPIC obtained in the lawsuit showed that facial recognition at a pedestrian border failed to perform at a "satisfactory" level.

NSA Inspector General Issues First Unclassified Report

The NSA's Office of Inspector General issued the first unclassified semi-annual report to Congress on the National Security Agency. The report describes the internal watchdog's audits, studies, and investigations of the NSA's activities. Among other findings, the OIG uncovered improper searches through U.S. persons' data collected under the Foreign Intelligence Surveillance Act, as well as "many instances of noncompliance" with rules to secure NSA networks, systems, and data. In 2012, EPIC testified before Congress on the need for better reporting on the use of FISA authorities. EPIC also routinely highlights reporting on federal surveillance under the Wiretap Act. In EPIC v. NSA, EPIC obtained the Presidential Decision Directive, outlining the agency's authority for domestic surveillance.

July 27, 2018

Legal Challenge to Citizenship Question on Census Moves Forward

A federal judge ruled that lawsuits challenging the Trump administration's decision to add a question on citizenship status to the 2020 census could move forward. The court rejected the administration's claim that the plaintiffs lacked standing and ruled that it was "plausible" that the decision was motivated by racial animus and would result in a discriminatory effect on immigrant communities. Through a Freedom of Information Act request, EPIC obtained documents (part 1, part 2, part 3, part 4) considered by Commerce Secretary Wilbur Ross to add the citizenship question. The census raises significant privacy risks and has been used to discriminate. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to DHS after 9-11.

July 30, 2018

For Internet Policy, EPIC Urges Congress to Update U.S. Privacy Laws

In advance of a hearing on "The Internet and Digital Communications: Examining the Impact of Global Internet Governance," EPIC urged the Senate Commerce Committee to prioritize updating U.S. privacy law to respond to changes in technology. "The failure of the United States to address the growing concerns about online privacy is threatening both the digital economy and democratic institutions," EPIC stated. EPIC explained that privacy protection is necessary to ensure the free flow of information online. EPIC again warned Congress that Europe may suspend the Privacy Shield, a framework that permits the flow of European consumers' personal data to the U.S, if the United States does not modernize privacy law and establish a federal data protection agency.

EPIC to Request Kavanaugh White House Records on Warrantless Wiretapping, Mass Surveillance Programs

EPIC is planning to submit a Freedom of Information Act request to the Bush Library and the National Archives and Records Administration for records concerning programs of mass surveillance and Supreme Court nominee Brett M. Kavanaugh. Kavanaugh served as Assistant to the President and Staff Secretary for President George W. Bush between July 2003 and May 2006. During that time, the Bush administration undertook a wide range of mass surveillance programs, including the warrantless wiretapping of Americans, which was later deemed unlawful. On the federal appellate court, Judge Kavanaugh wrote that a suspicionless surveillance program "is entirely consistent with the Fourth Amendment." "Critical national security need outweighs the impact on privacy occasioned by the program," wrote Kavanaugh. Other programs backed by the White House when Judge Kavanaugh served as White House Staff Secretary include Total Information Awareness, airport body scanners, and Real ID.

July 31, 2018

EPIC Seeks Records on "Quiet Skies," TSA Airport Surveillance Program

EPIC submitted a Freedom of Information Act request to the Transportation Security Authority after renews reports that the agency secretly surveills airport travelers. The program, known as "Quiet Skies," uses teams of federal marshals to track and observe unsuspecting travelers while they are in the airport and on flights. A Government Accountability Office report on a similar program that used behavioral analysis found the program to be ineffective. The GAO report stated that the "Screening of Passengers by Observation Techniques" program also raised significant concerns over racial and ethnic profiling. EPIC has urged TSA to undertake a comprehensive audit of the civil rights impact of airport screening policies on racial and religious minorities.

About July 2018

This page contains all entries posted to epic.org in July 2018. They are listed from oldest to newest.

June 2018 is the previous archive.

August 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.