You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 19.08

======================================================================= E P I C A l e r t ======================================================================= Volume 19.08 April 27, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] FCC Fines Google for Obstruction of Street View Probe [2] EPIC, Congress Demand Greater Action in Street View Investigation [3] Facebook Offers Revised 'Download Your Information' Option [4] MD Passes Bill Banning Bosses from Demanding Facebook Information [5] DHS Expands Use of Watch Lists for 'Known Traveler' Program [6] News in Brief [7] EPIC in the News [8] Book Review: 'Broken Ballots' [9] Upcoming Conferences and Events TAKE ACTION: Join EPIC at the 2012 Drone Summit! REGISTER here: READ about Drones in US: SUPPORT EPIC: ======================================================================= [1] FCC Fines Google for Obstruction of Street View Probe ======================================================================= The Federal Communications Commission has fined Google $25,000 for the company's obstruction into the agency probe of violations of Section 705 of the Communication Act, which prohibits the unlawful interception of communications in the United States. In May 2007, as part of Google's initial collection of Street View data, Google deployed special vehicles, equipped with digital cameras and other devices, to capture images in designated locations in 30 countries worldwide. Using hidden Internet receivers, Google "Street View vehicles" also collected a vast amount of data from users of private home and business Wi-Fi networks. Google simultaneously collected MAC addresses (the unique device ID for Wi-Fi hotspots), network SSIDs (user-assigned network ID names) tied to location information for private wireless networks, and Wi-Fi "payload" data, which included emails, passwords, usernames and website URLs. In May 2010, EPIC wrote to the FCC about Google Street View's data collection, urging the Commission to undertake an investigation. EPIC explained that, but for the efforts of German data protection authorities, Google's Wi-Fi interception might never have been revealed, and that Google's actions "could easily constitute a violation of Title III of the [Wiretap Act]." The agency's Director of Consumer and Regulatory Affairs acknowledged that Google's behavior "clearly infringes on consumer privacy." FCC Chairman Julius Genachowski further told members of Congress in June 2011 that the Commission had opened an investigation that "seeks to determine whether Google's actions were inconsistent with any rule or law within the Commission's jurisdiction." Recently, the Commission released an interim report in which the agency fined Google $25,000 for the company's obstruction of an FCC investigation begun in 2010. The FCC found that Google impeded the investigation by "delaying its search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions." Although the base forfeiture for failing to respond to an FCC inquiry is $4,000, the FCC determined that Google's conduct warranted an upward adjustment because the agency found that Google's failure to cooperate was deliberate. Furthermore, the FCC found that "[m]isconduct of this nature threatens to compromise the Commission's ability to effectively investigate possible violations of the Communications Act and the Commission's rules." FCC: Notice to Google of Apparent Liability (Apr. 13, 2012) EPIC: Request for Google Street Investigation (May 21, 2010) FCC: Letter to Congress re: Google Street View (June 22, 2011) FCC: Blog Post on Google Street View (June 11, 2010) EPIC: Investigations of Google Street View EPIC: "Friend of the Court" Brief in Joffe v. Google (Mar. 30, 2012) EPIC: Ben Joffe v. Google ======================================================================= [2] EPIC, Congress Demand Greater Action in Street View Investigation ======================================================================= In response to the Federal Communication Commission's determination in the Google Street View case, EPIC has written a letter to US Attorney General Eric Holder, asking the Department of Justice to investigate Google's collection of private Wi-Fi data. Because the FCC's report did not address the substantive issue - Google's potential violation of federal wiretap law - EPIC called on the Department of Justice to conduct a more complete investigation. EPIC has also filed a Freedom of Information Act request for the complete, unredacted version of the FCC's report. EPIC noted that "by the agency's own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretapping law to Google's interception of emails, usernames, passwords, browsing histories, and other personal information." Furthermore, EPIC's letter states, "In light of the Attorney General's law enforcement responsibilities and the inadequate responses of the other federal enforcement agencies, EPIC urges the Department of Justice to investigate the extent of Google's interception of private Wi-Fi data in the United States." Members of Congress have expressed support for EPIC's recommendation to the Justice Department. Sen. Richard Blumenthal (D-CT) said, "Google's interception and collection of private wireless data potentially violates the Wiretap Act or other federal statutes, and I believe the Justice Department and state attorneys general should fully investigate this matter." Rep. Ed Markey (D-MA) said, "[t]his fine is a mere slap on the wrist for Google," and called for a more comprehensive investigation. Many countries have found Google guilty of violating national privacy laws, and a US federal court recently held that unencrypted wireless network communications are not exempt from the protections of the Wiretap Act. EPIC's FOIA request is based on the fact that the FCC's publicly available report on Google Street View was heavily redacted, raising questions about the scope of the agency's investigation. The FCC, for example, redacted the total volume of private data collected, as well as important information related to Google's intent in capturing private Wi-Fi data, such as the purposes for which a Google engineer initially reviewed payload data. EPIC: Letter to DOJ re: Google Street View (Apr. 17, 2012) EPIC: FOIA Request to FCC re: Google Street View (Apr. 18, 2012) EPIC: "Friend of the Court" Brief in Joffe v. Google (May 21, 2010) EPIC: Request for Investigation in Google Street View (May 21, 2010) EPIC: Investigations of Google Street View EPIC: Ben Joffe v. Google ======================================================================== [3] Facebook Offers Revised 'Download Your Information' Option ======================================================================== Facebook will now provide users with a downloadable archive containing many types of stored user data. This archive is similar to the "Download Your Information" feature first introduced in 2010, which allows Facebook users to retrieve all of their photos, videos, wall posts, messages, and certain other fields in a downloadable .zip file. Max Schrems, an Austrian law student and founder of the web site Europe v. Facebook, has gone on record as being critical of the change. "We welcome that Facebook users are now getting more access to their data, but Facebook is still not in line with the European Data Protection Law," Schrems told The New York Times. "With the changes, Facebook will only offer access to 39 data categories, while it is holding at least 84 such data categories about every user." Schrems gained notoriety in 2011 after he forced Facebook to disclose more than 1,200 pages of his own personal data, including information he had previously deleted. Through the "Know What They Know" campaign. EPIC has called on Facebook to provide users with full access to all the data the company keeps about them. EPIC also recommended, in comments on a November 2011 settlement between Facebook and the Federal Trade Commission, that the FTC require Facebook to give all users full access to their data. The FTC's settlement with Facebook was issued after the Commission found that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010, and bars Facebook from changing privacy settings without the affirmative consent of users, or misrepresenting the privacy or security of users' personal information. EPIC also recommended that Facebook restore the privacy settings that users had in place when the violations occurred. Facebook: Download Your Information NYT: "Facebook Offers More Disclosure to Users" (Apr. 12, 2012) Europe v. Facebook EPIC: Facebook Privacy EPIC: "Know What They Know" EPIC: FTC Facebook Settlement ======================================================================= [4] MD Passes Bill Banning Bosses from Demanding Facebook Information ======================================================================= The Maryland State Legislature has passed the first state-level bill banning employers from asking employees or job applicants for social networking passwords. The bill was introduced after Robert Collins, an employee at the Maryland Department of Public Safety and Correctional Services, was asked to turn over his Facebook password as part the process of being reinstated as a corrections officer. Collins was asked for his private Facebook login credentials by an investigator during a "recertification" background-check interview. During questioning, the investigator asked whether Collins used social media services, and then asked for his Facebook account password. The investigator logged in to his Facebook account and looked through his "messages, on [his] wall and in [his] photos to make sure [he was] not a gang member or [had] any gang affiliation," according to his testimony before the Maryland State Legislature. The Facebook policy team is on record as being in support of the new legislation, issuing a statement that "[a]sking employees or job applicants for their passwords is wrong." However the bill still has opponents in the Maryland Chamber of Commerce. While the bill is the first of its kind, other state legislatures have introduced bills to limit employer access to social media login information. US Senators Richard Blumenthal (D-CT) and Charles Schumer (D-NY) have also asked the Equal Employment Opportunity Commission and the US Department of Justice to investigate the practice of employers asking job applicants to surrender user names and passwords for social networking sites like Facebook. AP: Article on MD Employer Facebook Password Law (Apr. 20, 2012) State of MD: Text of Bill on Social Networking Passwords (Apr. 1, 2012) EPIC: Workplace Privacy EPIC: Facebook Privacy ======================================================================= [5] DHS Expands Use of Watch Lists for 'Known Traveler' Program ======================================================================= The Department of Homeland Security has published a Privacy Impact Assessment update for "Secure Flight," a DHS program that compares airline passenger records against various watch lists maintained by the US government. The assessment details the agency's plans to expand the existing "Known Traveler" program in order to expedite airline screening for certain categories of travelers. DHS also intends to incorporate into Secure Flight into the Automated Targeting System, a controversial program that allows the government to assign a risk assessment number to individual travelers. That number provides the basis for further screening. The Transportation Security Administration, an agency within DHS, has operated Secure Flight since 2008. The Secure Flight PIA announces that TSA and Customs and Border Protection (CBP) will work together "to continuously update[e] watch list[s]" and identify travelers "requiring enhanced screening" as a component of the Automated Targeting System. CBP states that it utilizes ATS to collect and analyze personal information to "targe[t], identif[y], and preven[t] potential terrorists and terrorist weapons from entering the United States." According to CBP, this process allows the agency "to form a more complete picture of a traveler." The Secure Flight program creates three substantial privacy risks. First, a large amount of Personally Identifiable Information on US travelers is collected and exchanged by federal agencies. Second, government watch lists are notorious for containing inaccuracies; EPIC has testified previously before Congress on government watch list database errors. Third, documents uncovered by an EPIC FOIA request have revealed that individuals often remain on government watch lists even after being acquitted of a crime. EPIC has a longstanding interest in passenger profiling and airline travel privacy. In 2007, EPIC urged DHS to either suspend the Automated Targeting System or to fully apply all Privacy Act safeguards to any traveler subject to ATS. In 2010, EPIC advocated for stronger privacy protections of DHS trusted-traveler programs that compare passenger names against watch lists. In 2011, EPIC joined over 30 organizations to ask DHS Secretary Janet Napolitano to undertake an independent audit of the TSA to determine whether TSA airport screeners engage in racial profiling. DHS: Secure Flight Privacy Impact Assessment Update (Apr. 13, 2012) EPIC: Secure Flight EPIC: FOIA on FBI Watchlist EPIC: Automated Targeting System (ATS) EPIC: Comments to DHS on Automated Targeting System (Sept. 2007) EPIC: Testimony on Watch List Database Errors (Sept. 2008) EPIC et al.: Letter re: TSA Racial Profiling Audit (Dec. 1, 2011) ======================================================================= [6] News in Brief ======================================================================= Facebook Requests Public Feedback after Policy Changes Facebook has re-opened its "Statement of Rights and Responsibilities" for comment after making changes to the original document. Although users' personal data can still be accessed by their friends' apps, Facebook has clarified that users could prevent this by changing their "Apps and Websites" settings. Facebook also deleted a provision reserving the right to "exclude or limit the provision of any service or feature in our sole discretion" in certain geographic areas, after users raised concerns about censorship. The Federal Trade Commission's November 2011 settlement with Facebook, which follows from a set of earlier complaints file by EPIC and other consumer and privacy organizations, bars Facebook from changing privacy settings without users' affirmative consent, or misrepresenting the privacy or security of users' personal information. In response to Facebook's prior policy change, EPIC noted that the data-disclosure practices of third-party apps implicated issues that led the creation of the consent order in the first place. Facebook: Statement of Rights and Responsibilities FTC: Facebook Settlement Nov. 29, 2011) EPIC: In re: Facebook (Dec. 17, 2009) EPIC: In re: Facebook 2 (May 5, 2010) EPIC: Comments on Facebook Settlement (Dec. 27, 2011) EPIC: Facebook Settlement EPIC: Facebook Privacy Bipartisan Privacy Caucus Demands Answers on Drones and Privacy US Representatives Ed Markey (D-MA) and Joe Barton (R-TX) have sent a letter to the Federal Aviation Administration, expressing their concerns about the increased use of drones in the US. Rep. Markey noted, "We must ensure that as drones take flight in domestic airspace, they don't take off without privacy protections for those along their flight path." The letter called on the FAA's Acting Administrator to supply key information about the drone program, including plans to ensure that the drone licensing process includes privacy protections and public transparency. In February 2012, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. Reps. Markey and Barton: Letter to FAA re: US Drones (Apr. 19, 2012) Rep. Ed Markey: Press Release on FAA Letter (Apr. 19, 2012) Federal Aviation Administration EPIC: Unmanned Aerial Vehicles (UAVs) and Drones Coalition Urges Congress to Remove Cybersecurity FOIA Limitations An open-government coalition has asked US House lawmakers to oppose provisions in the Cyber Intelligence Sharing and Protection Act, or "CISPA," that would cut off public access to some information held by federal agencies. If passed, CISPA would allow the government to refuse to disclose broad swaths of information, otherwise subject to FOIA, that private companies provide to the federal agencies. More than three dozen groups have signed the petition, including, the Sunlight Foundation, Project On Government Oversight, and EFF. The groups have asserted that the legislation "constitutes a wholesale attack on public access to information under the Freedom of Information Act" and would impede the public's ability to evaluate whether the government is adequately combating cybersecurity threats. In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions, and stated that the National Security Agency has become "a black hole" for public information about cybersecurity. EFF: Coalition Letter Opposing CISPA (Apr. 16, 2012) Cyber Intelligence Sharing and Protection Act (CISPA) (HR 3523) EPIC: Statement on FOIA and Critical Infrastructure (Mar. 12, 2012) Sen. Judiciary Committee: Hearing on FOIA (Mar. 13, 2012) EPIC: Cybersecurity Privacy Practical Implications EPIC: EPIC v. NSA (Cybersecurity Authority) EPIC: Litigation Under the Federal Government Laws 2010 ======================================================================= [7] EPIC in the News ======================================================================= "Privacy advocates slam Google Drive's privacy policies." ComputerWorld, April 25, 2012. "Markey, EPIC Won't Let Google Wi-Spy Die." All Things D, April 18, 2012. "Privacy watchdogs call for new Google probe." Los Angeles Times, April 17, 2012. "Contradicting a Federal Judge, FCC Clears Google in Wi-Fi Sniffing Debacle." Wired, April 16, 2012. "Unanswered Questions in F.C.C.’s Google Case." The New York Times, April 16, 2012. "Foes say Google got slap on the wrist in Wi-Spy." Politico, April 16, 2012. For More EPIC in the News: ======================================================================= [8] Book Review: 'Broken Ballots' ======================================================================= "Broken Ballots: Will Your Vote Count?", Douglas Jones and Barbara Simons People cast ballots, election officials count votes, and winners are announced. Therein lies the deception: Voting technology is prone to deception, manipulation, and routine error. "Broken Ballots" begins with the sentence, "This book never should have been written." I disagree: This book is long overdue. Before the 2000 Presidential election, only a few experts knew about systemic problems with US election technology. Dr. Douglas Jones is one of those people. A professor of Computer Science at the University of Iowa, Jones has studied voting and voting systems for most of his academic career. Dr. Barbara Simons, also an expert on voting technology, began her work following the 2000 election debacle. "Broken Ballots" is essential reading if you want to understand how we got to the crisis of the 2000 election, and where we are in 2012. The book reviews the history of voting technology and voting technology certification, and studies elections officials and voting rights advocates who work to improve public elections. According to Jones and Simons, a positive turning point in public elections occurred with the passage of the "Help America Vote Act of 2002," also known as HAVA. HAVA funds allowed states to purchase at least one voting system for persons with disabilities for each polling location, and banned the use of punchcard and lever voting systems. As a result of HAVA's requirements, local and state election officials typically purchased paperless touchscreen voting machines. Technologists began looking more closely at these systems after discovering the paperless voting machines in their polling locations. These experts knew that computers cannot be trusted and they can fool anyone, including computing security professionals. The history of voting rights is full of abuses associated with paper ballots, and, according to the book's authors, the new voting technology erroneously promised to eliminate ballot fraud problems. Though these new technologies expanded voting rights to the disabled, new flaws need to be addressed. The book is both a great read and a go-to resource for anyone researching or reporting on elections and technology. The only shortcoming is the chapter "Voters with Disabilities." The authors suggest that the long-standing conflict with the disability community over paper and paperless voting systems is fundamentally about money. This explanation is too simplistic; there are many examples of how paper presents significant challenges to the blind, and how new technology is enabling new forms of access for the disabled. This is one of the many challenges ahead in the effort to reform the technologies of voting. But the increasing collaboration between technologists and voting rights advocates, described by Jones and Simons, is a significant development. -- Lillie Coney ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [9] Upcoming Conferences and Events ======================================================================= Drone Summit: Killing and Spying by Remote Control. Sponsored by CodePink. 28-29 April 2012, Washington, DC. For More Information: EPIC Champions of Freedom Awards Dinner. 11 June 2012, Washington, DC. For More Information: ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.08 ------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security