You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC Alert 26.03

EPIC Alert logo

1. EPIC Files Appeal to Block Census Citizenship Question

EPIC has filed an expedited appeal in EPIC v. Commerce to block the Census Bureau from collecting citizenship information in the 2020 Census. EPIC alleges that the Bureau failed to complete privacy impact assessments required by the E-Government Act before adding the citizenship question.

The lower court in EPIC's case held that the Bureau must "prepare PIAs that adequately address the collection of citizenship data in the 2020 Census" and acknowledged the "negative policy consequences" that can result "if an agency drags its feet in performing its PIA obligations." The Census Bureau also conceded in the case that it would complete the required privacy impact assessments by March.

But the court denied EPIC's motion for a preliminary injunction, concluding that the Census Bureau is not required to conduct privacy assessments "until the Bureau mails its first batch of Census questionnaires to the public"—a view entirely at odds with the E-Government Act. As EPIC explained, applying the E-Government Act in this way "would render it a functional nullity and undermine the express purposes of the statute."

A federal court in New York recently blocked the citizenship question, but the Census Bureau appealed that decision. Late last week, the Supreme Court agreed to review the case and scheduled oral argument for mid-April.

EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's case to require updated privacy impact assessments for the 2020 Census is EPIC v. Commerce, No. 18-2711 (D.D.C.).

2. EPIC Urges Supreme Court to Preserve Public Voice in Robocall and Junk Fax Law

EPIC has filed an amicus brief urging the Supreme Court to safeguard FCC rules that protect the public from robocalls and junk faxes. The case, PDR Network v. Carlton & Harris Chiropractic, concerns a company's efforts to circumvent a key FCC rule about junk faxes.

EPIC told the Court that permitting companies to avoid FCC rules "will exclude the voices of consumers" in agency decisionmaking. EPIC noted that "public interest groups have successfully used the agency process to advocate for rules that protect consumers" and argued that companies should have to follow the same procedures if they intend to challenge an FCC rule.

As an example, EPIC cited its 2005 petition that led the FCC to restrict phone companies' disclosure of customer data to third parties. In 2008, telecommunications companies challenged that rule, and EPIC and other consumer groups filed amicus briefs to defend the FCC's "opt-in" requirement. EPIC told the Supreme Court if the same companies were allowed to challenge the FCC's rule in every federal court in the country, EPIC "would have had to track private enforcement actions nation-wide" and "submit amicus briefs in each of those actions."

EPIC contributed to the development of robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International v. FCC and Gallion v. Charter Communications.

3. White House Executive Order on AI Leaves Key Questions Unanswered

President Trump recently signed an executive order on Artificial Intelligence that leaves many questions unanswered. The order outlines the federal government's current policies and principles concerning artificial intelligence.

The executive order identifies five goals for a "coordinated Federal Government strategy" on AI: (1) driving AI research and development; (2) developing technical standards and reducing barriers to AI; (3) training workers to use AI technology; (4) fostering "public trust and confidence in AI technologies"; and (5) promoting an international environment "that supports American AI research and innovation" while protecting against competitive harm.

EPIC has urged both the White House and Congress to ensure public input on AI policy. In 2018, EPIC—joined by nearly 100 experts and leading scientific organizations such as AAAS, ACM, FAS, and IEE—called for public participation in the work of the White House Select Committee on Artificial intelligence. In response, the committee sought public comment on U.S. AI policy.

EPIC has also proposed the Universal Guidelines for Artificial Intelligence as the basis for AI legislation. The Guidelines aim to reduce bias in decisionmaking algorithms, to ensure that digital globalization is inclusive, to create human-centered evidence-based policy, to promote safety in AI deployment, and to rebuild trust in institutions. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries.

4. EPIC to PCLOB: Review 12333, Facial Recognition, AI, Smart Borders, and 702 Authority

In advance of a Privacy and Civil Liberties Oversight Board forum on "Countering Terrorism while Protecting Privacy and Civil Liberties: Where do We Stand in 2019," EPIC sent a statement to the Board outlining priorities. EPIC said the PCLOB should (1) release the report on Executive Order 12333; (2) limit government use of facial recognition; (3) establish safeguards for government AI use; (4) monitor proposals for "smart" borders and assess privacy impacts on U.S. residents; and (5) reform Section 702 surveillance authority.

The PCLOB is an independent board that reviews federal agency programs to ensure protections for privacy and civil liberties. EPIC has long argued that a full-strength, independent PCLOB is necessary for effective oversight of government surveillance programs. However, the Board remained largely dormant for two years after losing its quorum.

In 2018, the Senate confirmed three new members to the board, including EPIC Advisory Board Member Ed Felten. Two additional PCLOB members recently received a confirmation hearing. This month's forum was the first public PCLOB meeting since the board regained a quorum.

EPIC helped establish the PCLOB. In 2003, EPIC testified before the 9/11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the board in 2013. In 2016, EPIC awarded the late Judge Patricia Wald, a former PCLOB member, with the EPIC Champion of Freedom Award.

5. German Competition Authorities Impose Restrictions on Facebook for Privacy Violations

Germany's competition agency has imposed new restrictions on Facebook's practice of combining user data from across its platforms, such as WhatsApp and Instagram, and barred the company from linking third-party data to specific Facebook accounts.

The German decision prohibits Facebook from using data from other services it owns and from "[c]ollecting data from third party websites and assigning them to a Facebook user account" without user consent. The restrictions follow a Commission finding that "[t]he extent to which Facebook collects, merges and uses data in user accounts constitutes an abuse of a dominant position."

EPIC has long warned that data consolidation poses a significant threat to competition and innovation. EPIC opposed Facebook's 2014 acquisition of WhatsApp, warning that Facebook would use WhatsApp data on other platforms. In recent comments to the FTC, EPIC told the Commission that Facebook achieved its "dominance through unrivaled access to consumer data." And as early as 2008, EPIC warned that "dominant Internet firms are moving to consolidate their control over the Internet."

EPIC Advisory Board Member Tim Wu also highlighted the dangers of data consolidation in his recent book, The Curse of Bigness, showing that Facebook and other tech giants systematically use their dominant position to identify and acquire competitors. Professor Wu suggested that actions like those taken by the German Commission could begin to remedy the abuses by tech firms.

EPIC continues to oppose platform consolidation. In a recent statement to the FTC, EPIC—joined by competition and civil rights groups—urged the FTC to impose equitable remedies on Facebook for violating the 2011 consent order. Such remedies would include compelling Facebook's divestment from WhatsApp and Instagram, requiring compliance with Fair Information Practices, reforming hiring and management practices, and restoring democratic governance. The groups said, "Given that Facebook's violations are so numerous in scale, severe in nature, impactful for such a large portion of the American public and central to the company's business model, and given the company's massive size and influence over American consumers, penalties and remedies that go far beyond the Commission's recent actions are called for."

News in Brief

EPIC Submits Comments on Regulation of Private Surveillance Industry

EPIC has submitted comments the UN Special Rapporteur on Freedom of Expression for a report on the surveillance industry. The Special Rapporteur is soliciting information for a report to UN General Assembly on how surveillance technology is regulated and used around the world. EPIC's submission details a recent U.S. proposal to limit exports of surveillance technology, new limits on access to surveillance tech in the United States, and key EPIC Freedom of Information Act cases to uncover details of ICE's procurement of mobile forensics and analytics technology. EPIC pursues an extensive FOIA docket.

EPIC to NYC: Develop Privacy Safeguards for 'Smart City' Technologies

In comments to the City of New York, EPIC identified current privacy risks to New Yorkers, new challenges from the development of "smart cities" services, and also described how other cities are tackling privacy issues. The NYC Mayor's Office of Information Privacy sought input from the public on policies to best serve the privacy interests of New Yorkers. EPIC recommended that the city minimize collection of personally identifiable data, promote the use of statistical data, upgrade cyber security, and provide increased opportunity for public participation in the development of new Internet-based services. EPIC also encouraged NYC to adopt the Universal Guidelines for Artificial Intelligence when implementing AI technology.

Over 40 Civil Rights, Civil Liberties, and Consumer Groups Call on Congress to Address Data-Driven Discrimination

EPIC joined 43 civil society organizations in a letter to Congress calling on legislators to protect civil rights, equity, and equal opportunity in the digital ecosystem. The organizations wrote that any privacy legislation must be consistent with the Civil Rights Principles for the Era of Big Data, which include: stop high-tech profiling, ensure fairness in automated decisions, preserve constitutional principles, enhance individual control of personal information, and protect people from inaccurate data. The groups said: "Platforms and other online services should not be permitted to use consumer data to discriminate against protected classes or deny them opportunities in commerce, housing, and employment, or full participation in our democracy." EPIC supports algorithmic transparency, the public's right to know the data processes that impact their lives so they can contest decisions made by algorithms.

Supreme Court to Hear Dispute over Census Citizenship Question

The Supreme Court has agreed to hear the government's appeal of New York v. Department of Commerce, in which a New York federal judge blocked the government from asking a citizenship question on the 2020 Census. EPIC filed an amicus brief in the case. EPIC has also sued to block the citizenship question in EPIC v. Commerce. EPIC alleges that the Bureau failed to complete privacy impact assessments before adding the question. A lower court held that the Bureau must "prepare PIAs that adequately address the collection of citizenship data in the 2020 Census," but denied a preliminary injunction. EPIC has appealed the decision.

Court Denies Injunction in EPIC Census Privacy Suit

A federal court has denied EPIC's motion for a preliminary injunction and refused to block the Census Bureau from collecting citizenship information via the 2020 Census. As EPIC told the court, the Bureau unlawfully failed to complete multiple privacy impact assessments before it abruptly introduced the citizenship question last year. The court acknowledged that the Bureau must "prepare PIAs that adequately address the collection of citizenship data in the 2020 Census" and noted that "negative policy consequences" could result "if an agency drags its feet in performing its PIA obligations." Nevertheless, the court held that the Bureau may drag its feet in conducting the required assessments "until the Bureau mails its first batch of Census questionnaires to the public" in 2020. EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC intends to press forward with the census case, which is captioned EPIC v. Commerce, No. 18-2711 (D.D.C.).

EPIC Makes Final Arguments for Injunction Blocking Citizenship Question

EPIC has filed a reply brief in EPIC v. Commerce urging a federal court to block the Census Bureau from adding a citizenship question to the 2020 Census. EPIC alleges that the Census Bureau failed to complete privacy impact assessments, required by law, before it abruptly added the citizenship question last year. Secretary Ross has already suggested that the census data would be used for law enforcement purposes. "Congress expected that the Bureau would conduct a comprehensive privacy review early in the process, not as the census forms were heading to the printer or delivered to the post office," EPIC told the court. A federal court in New York recently blocked the citizenship question, but the Census Bureau has appealed that decision. EPIC filed an amicus brief in the New York case and has long advocated for robust protections for census data. EPIC has also filed numerous successful lawsuits to require privacy impact assessments, including EPIC's lawsuit that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained.

EPIC to Senate: Oversight Board Must Review Government Use of Facial Recognition, AI

In advance of a hearing about the Privacy and Civil Liberties Oversight Board, EPIC sent a statement to the Senate Judiciary Committee outlining priorities. EPIC said the Civil Liberties Board should (1) release the report on Executive Order 12333; (2) review the use of facial recognition technology and propose safeguards; (3) review the use of artificial intelligence and propose safeguards; and (4) monitor proposals for "smart" borders and assess privacy impacts on U.S. residents. The independent agency reviews federal agency programs to ensure adequate safeguards for privacy and civil liberties. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9/11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award.

House Committee Report: 'Additional Federal Authority Could Enhance Consumer Protection'

In advance of a hearing on consumer privacy, the House Energy & Commerce Committee released a GAO report calling for federal legislation to "enhance consumer protections." The announcement follows the scheduling of a Senate Commerce hearing the same week. The report highlighted the Fair Information Practices (FIPs) as a framework for federal privacy law, an approach long supported by EPIC. The GAO report further noted that the FTC has failed to use its existing authorities to regulate privacy. EPIC has advocated for the establishment of a federal data protection agency to ensure strong consumer privacy rights.

State Consumer Protection Report Highlights Privacy Cases

A recent report by the Center for State Enforcement of Antitrust and Consumer Protection Laws highlighted major privacy actions by state attorneys general, including New York's lawsuit against Apple for the FaceTime bug and California's settlement with Aetna for sending letters that revealed, through an oversized clear window, that the recipient was taking HIV-related medication. Several Attorneys General, including the DC attorney general, have sued Facebook over the Cambridge Analytica scandal. EPIC opposes federal preemption of state law, has defended the enforcement powers of state attorneys general, and established the EPIC State Policy Project to highlight model state privacy law.

Grand Chamber of Human Rights Court to Review UK Surveillance

The European Court of Human Rights Grand Chamber has agreed to review Big Brother Watch v. UK, a case concerning UK surveillance power revealed by Edward Snowden. Last year the Court ruled that the communications surveillance regime narrowly violated human rights, and stopped short of ruling that bulk surveillance violated fundamental rights. The Grand Chamber, a larger panel of judges, has now agreed to hear the case again. The Chamber only agrees to review cases raising important human rights issues. The groups that brought the case requested referral and urged the Court to rule mass surveillance incompatible with human rights. EPIC filed a brief in the original case explaining that the U.S., which transfers intelligence data to the UK, has "technological capacities" enabling "wide scale surveillance." In an article, EPIC called the initial ruling against UK surveillance "narrow" but "important."

Intelligence Chiefs: New Threats to Democratic Institutions

In a recent hearing, the chiefs of the U.S. intelligence agencies told Senators that foreign adversaries will "increasingly use cyber capabilities" to "seek political, economic, and military advantage." The intelligence leaders further stated that foreign powers are "already looking to the 2020 election" in order to advance their interests, and that those powers will "almost certainly" target online operations to weaken democratic institutions. After the 2016 election, EPIC launched a project on Democracy and Cybersecurity to safeguard democratic institutions. EPIC filed a series of Freedom of Information Act lawsuits to determine the extent of Russian interference: EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). EPIC has said, "The public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election. And the public has a right to know what steps have been taken to prevent future attacks."

EPIC in the News

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

'Going Digital.' Mar. 11-12, 2019. OECD, Paris. Marc Rotenberg, EPIC President.

'Privacy: Has Targeted Marketing Gone Too Far?' Mar. 13, 2019. SXSW, Austin, Texas. Christine Bannan, EPIC Consumer Protection Counsel.

AI World Society. Apr. 25, 2019. Harvard University, Cambridge, MA. Marc Rotenberg, EPIC President.

EPIC Champions of Freedom Awards Dinner. June 5, 2019. National Press Club, Washington, DC.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security