EPIC Alert 26.05

1. #EnforceTheOrder: EPIC Launches Campaign to Trigger FTC Action Against Facebook

EPIC has launched the #EnforceTheOrder Campaign to urge action on the Federal Trade Commission's 2011 privacy Consent Order against Facebook. The FTC has not taken a single enforcement measure against Facebook since issuing the order. The #EnforceTheOrder campaign urges the FTC to act before March 26, 2019—the one-year anniversary of the date the FTC announced it was reopening the commission's Facebook investigation.

The #EnforceTheOrder campaign calls for privacy-protective changes in Facebook's business practices like unwinding the WhatsApp and Instagram mergers, reforming hiring processes, and installing a director to represent users. Many experts agree that Facebook violated the 2011 Consent Order, including Senator Richard Blumenthal (D-CT), Sen. Josh Hawley (R-MO), former FTC Chair William Kovacic, former FTC CTO Ashkan Soltani, and Internet policy expert Tim Wu.

Earlier this week, EPIC hosted an #EnforceTheOrder press conference moderated by EPIC President Marc Rotenberg at the Fund for Constitutional Government on Capitol Hill. Participants included speakers from U.S. PIRG, Public Citizen, and EPIC.

On the same day as EPIC's press conference, Rep. David Cicilline (D-RI), Chairman of the House Judiciary Committee's Subcommittee on Antitrust, published a New York Times op-ed asking the FTC to investigate Facebook for violating antitrust laws. Citing EPIC's work, Chairman Cicilline said "For years, privacy advocates have alerted the commission that Facebook was likely violating its commitments under the agreement. Not only did the commission fail to enforce its order, but by failing to block Facebook's acquisition of WhatsApp and Instagram, it enabled Facebook to extend its dominance."

Rep. Cicilline made clear that data merger deals implicate competition law, which EPIC has long argued. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger.

2. EPIC Celebrates Sunshine Week With 2019 FOIA Gallery

In celebration of Sunshine Week, EPIC has unveiled the 2019 FOIA Gallery featuring critical information about the activities of the government obtained through the use of the Freedom of Information Act. Since 2001, EPIC has published annual highlights of EPIC's most significant open government cases and the records disclosed as a result of those cases.

In 2018, EPIC obtained emails about mass surveillance programs developed by Justice Kavanaugh as a White House legal advisor during the George W. Bush administration. Some of these correspondences include emails between Justice Kavanaugh and John Yoo, architect of the warrantless wiretapping program that was eventually overturned by Congress.

EPIC also obtained documents from Customs and Border Protection detailing the agency's scramble to implement a flawed facial recognition program on travelers entering and exiting the country. The documents disclosed to EPIC were covered in depth by Buzzfeed. Following the story, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the facial recognition program.

This year's gallery features communications between the Federal Trade Commission and Facebook about the agency's failure to enforce the 2011 Consent Order, which show the Commission did not act on public evidence that Facebook violated the Order. The communications reveal an amicable relationship between the Commission and Facebook in which enforcement was not a priority.

EPIC also obtained records about the controversial Department of Homeland Security "media monitoring" program. These records demonstrate that the agency bypassed its own privacy officials and ignored the privacy and First Amendment implications of monitoring journalists, news outlets, and social media accounts.

Finally, this year's gallery highlights a significant ruling from the D.C. Circuit in EPIC v. IRS, in which the court stated that the IRS "misunderstands its FOIA disclosure obligations." EPIC v. IRS is one of two cases EPIC filed to obtain the public release of President Trump's tax records. In EPIC v. IRS, the district court noted that President Trump tweeted, "For the record, I have ZERO investments in Russia. Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING!"

3. EPIC Challenges Facial Recognition at Airport, Files FOIA Lawsuit for Agency Procedures

EPIC has filed a Freedom of Information Act lawsuit to determine whether the U.S. government is allowing travelers to opt out of facial recognition at airports. The "alternative screening procedures" established by Customs and Border Protection should allow travelers to provide identification documents, such as a passport, and to avoid facial recognition, which "is not mandatory for U.S. citizens." But research by EPIC indicates that CBP has modified the program, making it increasingly difficult for travelers to opt-out.

CBP implemented its facial recognition program without undergoing any of the legally required rulemaking procedures. Moreover, CBP has repeatedly changed the information provided to passengers on alternative screening procedures on its Frequently Asked Questions page. This shows that, in the absence of regulation, CBP is making up the rules as it goes along.

As EPIC previously wrote to the DHS Data Privacy and Integrity Advisory Committee, the immigration legislation that the program purportedly implements makes "[n]o mention of the collection of U.S. citizens' biometric information[.]" Nonetheless, documents obtained by EPIC reveal the program has been applied to U.S. persons merely because "CBP does not believe there is enough space or enough time to separate U.S. citizens from non-U.S. citizen visitors prior to boarding while assuring departure without significantly burdening travelers, air carriers, and airports."

Last week, Buzzfeed featured documents EPIC obtained about this flawed facial recognition program, which the Administration is seeking to establish at all U.S. airports. The day after the documents were made public, Senators Edward J. Markey (D-MA) and Mike Lee (R-UT) renewed their call for a halt to the program until a rulemaking with public comment "establish[es] privacy and security rules of the road." The Senators also demanded that the agency inform American travelers about data policies surrounding the program and, importantly, how to opt out.

EPIC has also urged Congress to suspend the CBP Biometric Entry-Exit program until privacy safeguards and meaningful opt-out procedures are established. EPIC's case is EPIC v. CBP, No. 19-cv-689 (D.D.C. March 12, 2019).

4. EPIC Urges FAA to Require Remote ID for Drones

EPIC, joined by other privacy groups, submitted comments on the FAA's interim final rule for external ID for drones. The proposal requires the external display of registration numbers on drones. While EPIC agreed that external markings are preferable to hidden identifiers, EPIC said the rule did not go far enough.

"Because drones present substantial privacy and safety risks, EPIC recommends that the FAA require any drone operating in the national airspace system to broadcast location when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information," EPIC told the FAA.

EPIC also suggested the agency require operators to register and broadcast surveillance capabilities. "The public should not be left to wonder what surveillance devices are enabled on a drone flying above their heads," EPIC explained. "Drone operators should be required to broadcast this information and not permitted to suppress the broadcast. If the capabilities of the drone are altered, the drone operators should be required to update his or her registration."

EPIC has long advocated for remote identification mandates for drones and petitioned for regulation of these surveillance tools. EPIC is currently pursuing records about a key FAA task force, the Drone Advisory Committee, to understand why the agency has not promoted better privacy safeguards.

5. Reports: NSA Call Record Program Shut Down

The National Security Agency has reportedly ended the controversial bulk collection of Americans' phone records. The USA Freedom Act limited the NSA's collection program in 2015. However, the NSA has acknowledged major compliance problems, and doubts remain about renewal of the program later this year.

According to the New York Times report, the NSA "has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year[.]" A senior Hill aide told the Times that it is not clear "that the administration will want to start [the program] back up."

In 2013, EPIC filed a petition with the U.S. Supreme Court challenging the lawfulness of the program. EPIC told the Court that "It is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation. Such an interpretation of Section 1861 would render meaningless the qualifying phrases contained in the provision and eviscerate the purpose of the Act."

EPIC and a coalition have since called attention to the NSA's failure comply with the requirements of the Freedom Act. EPIC previously called for an end to the phone record collection program.

News in Brief

Senators Introduce Facial Recognition Privacy Act

U.S. Senators Roy Blunt [R-MO] and Brian Schatz [D-HI] introduced a bill to protect consumers from companies collecting facial images. Senator Schatz said: "Our faces are our identities. They're personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces." EPIC previously urged the FTC to stop Facebook's use of facial recognition to capture personal identity. In 2018, EPIC charged that Facebook's facial recognition practices lacks privacy safeguards and violate the 2011 Consent Order with the FTC. EPIC has urged the FTC to #EnforceTheOrder as a one-year deadline approaches.

ANALYSIS: Justice Thomas Charts Path for Consumer Privacy Cases

In his dissenting opinion in Frank v. Gaos, Justice Thomas set out two key guidelines for future consumer privacy litigation. First, Justice Thomas said that consumer privacy cases could go forward when a "private right" is violated, such as when a violation of a federal privacy law is alleged. The Supreme Court adopted a somewhat more narrow standard in the Spokeo v. Robbinscase. Second, Justice Thomas made clear that class action settlements must provide a "meaningful" benefit to class members, which could include monetary relief or a change in business practices. Justice Thomas opposed the settlement in Gaos, explaining "because the class members here received no settlement fund, no meaningful injunctive relief, and no other benefit whatsoever in exchange for the settlement of their claims...." Justice Thomas did not rule out cy pres remainder settlements for "disposing of unclaimed or undistributable class funds" or cy pres-only settlements that provide some actual benefit to class members. EPIC set out very similar views in an amicus brief for the Supreme Court in the Gaos case, in related amicus briefs on standing and in court filings on class action fairness, as well as an academic article calling for reform of cy pres settlements.

Supreme Court Remands Controversial Cy Pres Deal

The Supreme Court this week sent Frank v. Gaos back to the lower courts because the Court could not decide if the proposed settlement in a privacy case was "fair, reasonable, and adequate" or if the case was properly before the Court. The case involves Google's disclosure of search histories to third parties without consent, a business practice that could violate several privacy laws. Under the terms of the settlement, there was no benefit to Internet users and Google was not prohibited from continuing the allegedly unlawful practice. In an amicus brief, EPIC stated, "the proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several organization objected to the original settlement on three separate occasions. EPIC routinely opposes settlements that fail to provide an actual benefit to Internet users. In this case, the Justices ordered the parties to address whether the Spokeo v. Robbins decision permits consumer privacy to go forward. EPIC filed a brief in Spokeo in support of consumers, and has filed similar briefs siding with consumers in several other cases.

EPIC, Coalition Call on Congress to End NSA Surveillance Program

EPIC joined civil liberties organizations this week in a statement to the House Judiciary Committee, calling for a permanent end to the NSA's phone record collection program. The groups asked that Congress to "hold hearings and make public information critical to permit an informed debate over the reauthorization of Section 215 and other provisions of the Patriot Act, which are set to expire December 15, 2019." The National Security Agency has reportedly ended the collection of Americans' phone records. The USA Freedom Act limited the NSA's bulk collection program. The NSA also acknowledged compliance problems and opposition to renewal is growing. In 2013, EPIC filed a petition with the Supreme Court, challenging the lawfulness of the NSA program. EPIC previously called for an end to the phone record collection program.

Rep. Cicilline: FTC Must Investigate Facebook's Antitrust Violations

In a New York Times op-ed, Congressman David Cicilline (D-RI), Chairman of the House Judiciary Committee's Subcommittee on Antitrust, has asked the FTC to investigate Facebook for violating antitrust laws. Citing EPIC's work, Chairman Cicilline said "For years, privacy advocates have alerted the commission that Facebook was likely violating its commitments under the agreement. Not only did the commission fail to enforce its order, but by failing to block Facebook's acquisition of WhatsApp and Instagram, it enabled Facebook to extend its dominance." Rep. Cicilline made clear that data merger deals implicate competition law, which EPIC has long argued. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. EPIC has launched the #EnforceTheOrder campaign to urge action on the consent order.

EPIC Seeks from FTC All Consumer Complaints about Facebook

EPIC has filed an urgent Freedom of Information Act request to the Federal Trade Commission seeking all pending complaints. As a result of the extensive work of consumer organizations, the Commission issued a consent order against Facebook in 2011 barring the company from making any future misrepresentations about the privacy and security of a user's personal information. But the FTC has failed to issue any fines or declare any of Facebook's actions, including the Cambridge Analytical scandal, a violation of the consent order. The FTC has also not published the number of pending consumer complaints against Facebook. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder.

U.S. AI Commission Holds Secret Meeting on National AI Policy

The National Security Commission on Artificial Intelligence held its first meeting last week, in secret. The Commission is tasked with advising the federal government on artificial intelligence. The Commission was established by the National Defense Authorization Act. Federal law requires commissions to operate transparently, yet the AI Commission provided no notice of the meeting and no opportunity for public participation. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC is now seeking the public release of the documents distributed at the AI Commission meeting.

National Archives Provides to EPIC Index of Kavanaugh Records

In response to EPIC's Freedom of Information Act lawsuit, the National Archives has provided an index of Justice Kavanaugh's records that contains an accounting of all records released by the National Archives so far. The letter includes an index of all e-mail and text files, including those withheld in full or in part. There was unprecedented secrecy surrounding the nomination of Judge Kavanaugh to the Supreme Court. EPIC's FOIA lawsuit and a related request by Senator Richard Blumenthal resulted in the public release of hundreds of thousands of pages about Judge Kavanaugh's work in the White House. The records include communications between Kavanaugh and John Yoo, the architect of the warrantless surveillance program.

U.S. Releases Annual Human Rights Report

The U.S. Department of State has released the annual report on human rights practices across the globe. The State Dept. report reviews adherence to "internationally recognized individual, civil, political, and worker rights, as set forth in the Universal Declaration of Human Rights and other international agreements," including the arbitrary or unlawful interference with privacy. The 2018 report highlights China's social credit system which "quantifies a person's loyalty to the government by monitoring citizens' online activity and relationships." The report also cites the Indian Supreme Court ruling that privacy is a fundamental right and Turkish authorities' investigation of more than 45,000 social media accounts between 2016 and April 2018. Two EPIC publications - The Privacy Law Sourcebook 2018 and Privacy and Human Rights: An International Survey of Privacy Laws and Developments - provide a comprehensive overview of privacy frameworks around the world and track emerging privacy challenges.

Internet of Things Legislation Introduced in Senate, House

Bipartisan legislation governing the Internet of Things was introduced last week in the Senate and House of Representatives. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 in the Senate, and Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) filed the bill in the House. The legislation would require the National Institute of Standards and Technology to set baseline security standards for Internet-connected devices. EPIC has diligently advocated for stronger regulation of IoT, and called attention to the privacy and security risks of connected cars in comments to NTHSA, complaints to the CFPB, congressional testimony, FTC workshops, petitions to NHTSA and an amicus brief to Ninth Circuit.

EPIC Among Nation's Leading FOIA Litigators

A report from the FOIA Project places EPIC among the top FOIA litigators in the United States, as measured by the number of FOIA lawsuits filed between 2001 and 2018. The FOIA Project provides comprehensive information on federal FOIA matters, including initial FOIA requests, administrative appeals, and FOIA lawsuits, and is operated by the Transactional Records Access Clearinghouse. The 2018 report on litigation by nonprofit groups finds that EPIC has filed a total of 74 FOIA lawsuits between 2001 and 2018, approximately divided between Democratic and Republican administrations. The other groups in the top 5 are Judicial Watch (391), ACLU (130), PEER (94), and CREW (88). EPIC celebrated Sunshine Week with the 2019 EPIC FOIA Gallery, highlighting important EPIC FOIA cases from the past year.

EPIC to Congress: Suspend the Census Citizenship Question

In advance of a hearing on the 2020 Census, EPIC has sent a statement to the House Oversight Committee urging Congress to require the Census Bureau to remove the citizenship question from the 2020 census. EPIC told the Committee that the Census Bureau failed to complete privacy impact assessments required by law. "Congress made clear that data collection simply could not occur without the completion of these assessments" EPIC explained. In EPIC v. Commerce, a case now before the D.C. Circuit Court of Appeals, EPIC recently filed an opening brief to block the Census Bureau from collecting citizenship data in the 2020 Census. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that "major privacy risks have not been addressed by the agency."

EPIC to Congress: FOIA Works

In advance of a hearing on the Freedom of Information Act, EPIC highlighted several recent open government cases. EPIC told the Committee about documents EPIC obtained through FOIA requests and litigation, including documents EPIC obtained, widely reported last week, about the plan to expand facial recognition at US airports. EPIC also described records obtained from the Federal Trade Commission about the agency's failure to enforce the consent order against Facebook. And EPIC described the open government case against the IRS seeking the release of President Trump's tax returns. Since 2001, EPIC has published an annual FOIA gallery in honor of Sunshine Week.

Court Gives School Officials Immunity in Suit Over Search of Student's Cell Phone

The Eleventh Circuit has issued a decision in Jackson v. McCurry. A student's family filed the case after school officials searched her cell phone without probable cause. The appeals court ruled against the student because the law limiting searches of student cell phones was not "clearly established." EPIC filed an amicus brief, arguing that searches of student phones should be "limited to those circumstances when it is strictly necessary" after the Supreme Court's decision in Riley v. California. EPIC wrote that "most teenagers today could not survive without a cellphone." The court recognized the need to limit school searches of cell phones, noting that "the reasoning of Riley treats cellphone searches as especially intrusive in comparison to searches incident to arrest of personal property" and that "a search of a student's cellphone might require a more compelling justification than that required to search a student's other personal effects." However, the court refused to hold that this right was "clearly established." EPIC routinely files amicus briefs in cases raising new privacy issues. EPIC has also long advocated for greater student privacy protections, including a Student Privacy Bill of Rights.

Following EPIC FOIA, Senators Tell DHS to Suspend Facial Recognition

After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program. The Senators stated that "DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether." EPIC recently filed a Freedom of Information lawsuit, EPIC v. CBP, to determine whether the agency is allowing travelers to opt-out of facial recognition. EPIC's earlier lawsuit against the DHS led to the removal of backscatter x-ray devices at U.S. airports.

Senators Markey, Hawley Introduce Children's Privacy Legislation

Senators Edward Markey (D-Mass.) and Josh Hawley (R-Mo.) have introduced legislation to update the Children's Online Privacy Protection Act (COPPA). The bill bans internet companies from collecting personal or location information from children under 13 without parental consent and from teens ages 13-15 without the user's consent. EPIC testified before Congress in support of the original children's privacy law and backed the 2013 regulations that updated the law. EPIC recently submitted comments in support of the FTC's proposed extension of the information collection requirements for COPPA, but said the law "would be more effective if the FTC established new limits on how firms can collect and use children's data."

Senator Hawley Says FTC Approach to Big Tech is 'Toothless'

Senator Josh Hawley (R-MO) has sent a letter to the Federal Trade Commission urging a more aggressive approach to privacy protection. Senator Hawley outlined the many privacy violations by tech giants in recent years, including Facebook's failure to honor the promises it made when it acquired WhatsApp, Google's use of location data, and the disclosure of personal information to third parties by many platforms. "There is no excuse for inaction," Senator Hawley said. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder, @FTC.

EPIC Advises Senate on Federal Privacy Legislation

Prior to a hearing on "GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation," EPIC has sent a letter and related materials to the Senate Judiciary Committee advising on federal privacy legislation. EPIC Executive Director Marc Rotenberg recently wrote in the New York Times, "There is still much that Congress can do to strengthen privacy protections for Americans. Enacting federal baseline legislation and establishing a data protection agency would be a good start." EPIC also sent the Committee EPIC commentaries from the Financial Times, Techonomy, the OECD Observer, and the Harvard International Review.

Buzzfeed: EPIC Docs Reveal Flawed Facial Recognition Program

At the start of Sunshine Week, Buzzfeed featured documents obtained by EPIC about a deeply flawed facial recognition program that could impact all U.S. travelers returning to the United States. The documents, released following an EPIC FOIA request, describe the Administration's plan to extend a faulty CBP pilot program to TSA, ICE, and the Coast Guard. Documents previously obtained by EPIC, following a lawsuit against DHS, found similar problems with a facial recognition program at the southern border.

At OECD, EPIC's Rotenberg Calls for 'Bold' AI Framework

Speaking to the Going Digital Summit of the OECD in Paris, EPIC President Marc Rotenberg urged the OECD to adopt a bold framework for AI that will safeguard fundamental rights. "The OECD is uniquely situated to put forward an international framework that spurs innovation, and protects democratic institutions and human rights," said Mr. Rotenberg. The OECD Civil Society Advisory Council has promoted the Universal Guidelines for AI, a policy framework endorsed by more than 250 experts and 60 associations in more than 40 countries.

EPIC Investigates the Transfer of Personal Data from DHS to Census Bureau

EPIC has submitted urgent Freedom of Information Act requests to the Department of Homeland Security (USCIS and the Office of Immigration Statistics) and the Census Bureau for records about the planned transfer of personal data from DHS to the Census Bureau. After a federal judge in California ruled that adding a citizenship question to the 2020 Census was unconstitutional, the AP reported that DHS would disclose to the Census Bureau personal data, including names, addresses, birth dates, Social Security numbers, and alien registration numbers. The Census Bureau confirmedthat the agency was preparing an agreement with DHS to "receive administrative records." In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).

Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers

In a Senate Judiciary Committee hearing earlier this month, Senator Richard Blumenthal said that antitrust enforcers must consider unwinding anticompetitive mergers. "Over the past decade tech companies have in effect been given a free pass by antitrust regulators," Senator Blumenthal said. "Facebook perhaps should never been allowed to acquire Instagram, Google to acquire DoubleClick. I have come to the conclusion that maybe post merger, some of these transactions should be challengeable, rarely done, but still challengeable, especially when the merger is approved on conditions that are then violated." Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger.

Senate Report Finds Equifax failed to Address Known Cybersecurity Risks

In a report released this month, the Senate Homeland Security Investigations Subcommittee found that Equifax was aware of cybersecurity weaknesses for years before the massive breach in 2017, which affected 148 million U.S. consumers. The Senate report found that Equifax chose "efficient business operations rather than security protocols" that allowed a foreign government to access the authenticating details, including dates of birth and SSNs, of American consumers. In December, the House Committee on Oversight released a report which found that the Equifax breach was "entirely preventable." Following the Equifax data breach, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft.

Second Court Blocks Census Citizenship Question

A federal court in California has blocked the Census Bureau from adding a citizenship question to the 2020 Census, becoming the second court to do so. The court found that the Bureau made an arbitrary decision to include the citizenship question, then engaged in a "cynical search to find some reason, any reason" to "justify that preordained result." A federal court in New York recently blocked the citizenship question in a different case, but the Supreme Court is set to review that decision. In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).

DHS Privacy Advisory Committee Finalizes Facial Recognition Report

The DHS Privacy Advisory Committee issued final recommendations on facial recognition use at the border. The report examined transparency, data minimization, data quality and integrity, and accountability and auditing. The report said entrants to the U.S. need notice of their rights and how to exercise those rights. The final recommendations differed only slightly from the draft recommendations. In response to EPIC's comments, the final report included recommendations for increased reporting and research of facial recognition accuracy. However, the DHS report failed to address the lack of legal authorization for the facial recognition program or establish that the program is necessary for national security.

EPIC Urges Congress to Examine Surveillance at the Border

In advance of a hearing on border security, EPIC sent a statement to the House Committee on Homeland Security urging an examination of surveillance programs in use at the border. EPIC asked the Committee to examine the warrantless searches of mobile devices, social media profiling, and the use of drones. EPIC has filed several FOIA lawsuits against DHS regarding these surveillance activities, warning that border surveillance programs often capture the personal data of Americans. A previous FOIA lawsuit EPIC v. CPB uncovered Palintir's role in the development of the Analytical Framework for Intelligence, a program that assigns "risk assessment" scores to travelers, including U.S. citizens.

EPIC to Congress: Require Algorithmic Transparency To Prevent Discriminatory Profiling

Prior to a hearing on "Inclusion in Tech: How Diversity Benefits All Americans," EPIC has sent a statement to a House committee. EPIC said that "algorithmic transparency" could reduce bias and help ensure fairness in automated decisionmaking. EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC, Color of Change, the Open Markets Institute, and others have also urged the FTC to require Facebook to reform is hiring practices. "If the company wishes to connect the world," EPIC and the groups wrote, "it must also be prepared to reflect the world in all of its decision-making."

EPIC in the News

• Facial recognition takes off at airports. Privacy experts want it grounded, CNET, March 21, 2019
• Is Facial Recognition the Key to Safe, Efficient Airports?, CNET, March 21, 2019
• Congress Urged To Scrap NSA Phone Spying Program, Law360, Mar. 20, 2019
• What Twitter's Privacy Changes Mean for You, NBC Bay Area, Mar. 19, 2019
• Nearly 40 advocacy groups press lawmakers over NSA call records program, The Hill, Mar. 19, 2019
• The Case for Investigating Facebook, New York Times (Opinion), Mar. 19, 2019
• You can use tech to track your baby's every movement and milestone — but should you?, Minneapolis Star Tribune, Mar. 18, 2019
• Facial recognition 101: Your face is your new fingerprint, CNET, Mar. 18, 2019
• Congress wants 'Internet of Things' protected, WND, Mar. 16, 2019
• How Google Influences the Conversation in Washington, WIRED, Mar. 14, 2019
• FOIA Documents Detail DHS/CBP's Rules-Free Rollout Of Biometric Scanning Program, TechDirt, Mar. 14, 2019
• Judicial Watch: The nation's FOIA champion, Washington Times, Mar. 14, 2019
• Federal Privacy Rules Could Take Cue From Kids' Data Law, Law360, Mar. 13, 2019
• Civil rights groups say CBP ignored them and skipped public feedback for Biometric Entry/Exit, Biometric Update, Mar. 13, 2019
• US Government Forging Ahead With Airport Facial Recognition Plans, TechNewsWorld, Mar. 13, 2019
• Legislation May Be In The Works On Capitol Hill To Crack Down On Big Tech, NPR, Mar. 12, 2019
• Privacy Advocates Sound Alarm as CBP 'Scrambling' to Deploy Facial Recognition at Major US Airports, Common Dreams, Mar. 12, 2019
• US Customs to speed up facial recognition adoption at airports despite privacy concerns, TechSpot, Mar. 12, 2019
• US Rushing to Implement Facial Recognition at Top Airports Read Newsmax: US Rushing to Implement Facial Recognition at Top Airports | Newsmax.com Urgent: Do you approve of Pres. Trump? Vote Here in Poll , Newsmax, Mar. 12, 2019
• US setting up facial recognition at major airports without 'proper vetting,' says report, CNET, Mar. 12, 2019
• Facial Recognition Is Already Being Used At 17 Of The Top 20 International Airports Across The Country, UPROXX, Mar. 12, 2019
• These Senators Want Homeland Security To "Pause" Its Facial Recognition Program At Airports, BuzzFeed, Mar. 12, 2019
• Airport Facial Recognition is Here and Expanding: What Are Your Rights? Can You Opt-Out?, Newsweek, Mar. 12, 2019
• GOP Sen. Josh Hawley slams 'toothless' federal response to privacy abuses at Facebook and Google, Washington Post, Mar. 11, 2019
• These Documents Detail The Government's Plan To Use Facial Recognition On All International Passengers In Top 20 US Airports, BuzzFeed, Mar. 11, 2019
• US-Regulator entscheidet über Strafausmaß für Facebook, Radio FM4 (Germany), Mar. 11, 2019
• Report: 20 major airports may get face recognition for international travelers by 2021, Fast Company, Mar. 11, 2019
• US Government Plans Facial Recognition At 20 Major Airports -- Should You Be Concerned?, Forbes, Mar. 11, 2019
• Senator Hawley Blasts Tech Companies Over Privacy Violations, MediaPost, Mar. 11, 2019
• The Trump administration wants to expand face-scanning at airports ASAP, BGR, Mar. 11, 2019
• DHS plan to share non-citizens' data with Census Bureau could further spook immigrants, experts say, Washington Post, Mar. 8, 2019
• Elizabeth Warren's plan to regulate tech giants would force Facebook to break up with WhatsApp and Instagram, Business Insider, Mar. 8, 2019
• In major shift, Facebook puts focus on users' privacy, Boston Globe, Mar. 7, 2019
• Facebook plans to tie itself together as regulators debate tearing it apart, The Verge, Mar. 7, 2019
• A more private Facebook? Critics slam Mark Zuckerberg's 'PR masterpiece', Mercury News, Mar. 7, 2019
• Ahead of court ruling, Census Bureau seeks citizenship data, Associated Press, Mar. 6, 2019
• Facebook's new vision: Cross-platform messaging between Instagram, WhatsApp and Messenger, USA TODAY, Mar. 6, 2019
• Facebook to link Instagram, Messenger and WhatsApp, CBS News, Mar. 6, 2019

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

Tech Frontiers in Communications Privacy. Mar. 21, 2019. ABA/FCBA. Washington, DC. Alan Butler, EPIC Senior Counsel.

Consumer Privacy Law and the Impact of Evolving Technology. Mar. 22, 2019. University of St. Thomas School of Law, Minneapolis, MN. Christine Bannan, EPIC Consumer Protection Counsel.

Digital Technology in the Age of Artificial Intelligence: A Comparative Perspective. Mar. 29, 2019. The Brookings Institute, Washington, DC. Bilyana Petkova, EPIC Scholar in Residence.

UK Data Protection Practitioners' Conference 2019. Apr. 8, 2019. Manchester, UK. Marc Rotenberg, EPIC President.

FTC Hearing: The FTC's Approach to Consumer Privacy. Apr. 10, 2019. Washington, DC. Christine Bannan, EPIC Consumer Protection Counsel.

AI World Society. Apr. 25, 2019. Harvard University, Cambridge, MA. Marc Rotenberg, EPIC President.

Cyber Crime Review. Aug. 8, 2019. ABA Annual Meeting, San Francisco, CA. Alan Butler, EPIC Senior Counsel.

EPIC Champions of Freedom Awards Dinner. June 5, 2019. National Press Club, Washington, DC.