You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC Alert 26.10

EPIC Alert logo

1. Blumenthal, Schakowksy, Richardson, and Ito Receive EPIC Champion of Freedom Awards

Last week at the National Press Club in Washington, DC, EPIC presented the 2019 EPIC Champion of Freedom Awards to Senator Richard Blumenthal, Representative Jan Schakowksy, Human Rights Watch China Director Sophie Richardson, and MIT Media Lab Director Joi Ito. CNN's Jeff Toobin emceed the EPIC Awards dinner with co-hosts Anita Allen and Paul Smith.

EPIC said that Senator Blumenthal has stood up for democratic values, from privacy protection to open government, and from election security to government accountability. Senator Blumenthal is currently leading efforts in the Senate to enact comprehensive, baseline privacy legislation. Speaking to a packed audience at the National Press Club, Senator Blumenthal said, "There shouldn't be anything partisan about protecting privacy. There is a real potential to end division and polarization." Senator Blumenthal also remarked, "When I was a state attorney general, we looked to EPIC as the gold standard as to what privacy means in America."

Representative Jen Schakowksy received the EPIC Champion of Freedom award for her work advancing comprehensive privacy legislation in the House. She is a lifelong champion of consumer rights and has called privacy the "civil rights issue" of the modern age.

Human Rights Watch China Director Sophie Richardson received the EPIC Privacy Champion award for the organization's groundbreaking report on Chinese surveillance. "China's Algorithms of Repression: Reverse Engineering a Xinjiang Police Mass Surveillance App" deconstructs a mobile app used by Chinese officials that aggregates masses of personal data and automatically flags individuals for review.

MIT Media Lab Director Joi Ito received the EPIC Lifetime Achievement award for his efforts to advance democracy, privacy, and Internet freedom. As director of the MIT Media Lab, he is now exploring how new approaches to science and technology can transform society in substantial and positive ways. Joi Ito remarked, "Now more than ever EPIC is the most important organization on the most important issue in democracy "

The EPIC Awards are given annually to individuals who have helped safeguard the right of privacy, promote open government, and protect democratic values with courage and integrity. Past recipients include Representative Justin Amash, Apple CEO Tim Cook, Senator Kamala Harris, Garry Kasparov, Senator Patrick Leahy, Edward Snowden, and Judge Patricia Wald.

Earlier in the day, EPIC hosted a policy panel at the National Press Club on "AI and Human Rights" with Sherry Turkle (MIT), Lynn Parker (White House), Sarah Box (OECD), Bilyana Petkova (EPIC), and Lorraine Kisselburgh (Purdue), moderated by Harry Lewis (Harvard). AAAS CEO Rush Holt gave keynote remarks. The panel discussed a wide range of topics concerning AI, technology, and society and also policy strategies, such as the recently adopted OECD AI Principles and the Universal Guidelines for AI. A video of the AI panel discussion is now available.

2. EPIC v. DOJ: Justice Department Fails to Justify Mueller Report Redactions

The Justice Department, in a recent court filing, failed to justify the agency's decision to withhold extensive material from EPIC contained in the Mueller Report. The filing—a motion for summary judgment—is part EPIC's Freedom of Information Act lawsuit for the release of the complete Mueller Report.

Without providing details about individual redactions, the Justice Department simply asserted that it need not disclose information to the public beyond what it previously published. The Justice Department stated that "as much information as possible has been segregated for release," even though 178 pages of the 448-page Report contain redactions and multiple pages are blacked out in full.

Notably, the Justice Department did not claim executive privilege in EPIC's Freedom of Information Act case, even though President Trump has asserted that privilege to withhold the complete Mueller Report from Congress. EPIC will file an opposition to the Justice Department's filing on June 24.

EPIC filed the first lawsuit in the nation to seek the unredacted Mueller Report. EPIC is simultaneously seeking extensive records from the Special Counsel's investigation into Russian interference in the 2016 Presidential election. The case is EPIC v. Department of Justice, No. 19-810 (D.D.C).

3. EPIC, USTPC Urge Election Commission to Protect Secret Ballot, Ban Internet-Connected Voting Machines

EPIC, along with the U.S. Technology Policy Committee of the Association for Computing Machinery, recently filed comments to the Election Assistance Commission on the Voluntary Voting System Guidelines 2.0. EPIC and USTPC supported the inclusion of strong principles for voter privacy, ballot secrecy, and data protection.

"The Election Assistance Commission should not miss this critical opportunity to make a strong statement that elections and the Internet don't mix," the groups wrote. Though states are not mandated to comply with the VVSG, the guidelines help shape the election security market.

EPIC and USTPC also urged the Commission to ban internet-connected voting machinery, citing the risks to voting integrity and democratic institutions. "The VVSG 2.0 are vital to protect our democratic institutions. The EAC should ban the use of internet-connected voting machines and protect ballot secrecy," the groups said.

EPIC has a long history of working to protect voter privacy and election integrity. In 2016, EPIC published a report on the importance of the secret ballot for democratic decisionmaking. The report found that a vast majority of states (44) have a constitutional provision guaranteeing secrecy in voting, while the six remaining states have statutory provisions referencing secrecy in voting.

4. EPIC v. DAC: Records Show FAA Drone Committee Ignored Privacy Risks

EPIC has obtained records from the FAA's Drone Advisory Committee confirming that the committee ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern.

EPIC filed suit last year to enforce the transparency obligations of the industry-dominated drone committee, which conducted much of its work in secret. The government attempted to have EPIC's suit dismissed, telling the Court that it had already published all of the committee's records. But the court was "unconvinced by Defendants' arguments" and ordered that EPIC's case go forward.

Despite the drone committee's earlier claims, the committee has now identified and released hundreds of documents that it unlawfully withheld from EPIC. The documents show that the committee initially recognized the importance of regulating drone privacy risks and even planned to form a "Privacy Subcommittee." Yet the committee entirely failed to address privacy issues before making final policy recommendations to the FAA.

EPIC has a long history of promoting government transparency and advocating for privacy protections against drones. The case is EPIC v. Drone Advisory Committee, No. 18-833 (D.D.C.).

5. State Department to Require Social Media Info from Visa Applicants

According to news reports, the State Department will now demand social media identifiers, email addresses, and phone numbers from nearly all visa applicants. The agency's revised visa forms are said to require applicants to provide account identifiers from the last five years for several social media platforms.

Last September, EPIC submitted comments to the State Department opposing the plan to collect social media and personal communication information. While the agency claimed it would use the collected data for "identity resolution and vetting purposes" to determine visa eligibility, EPIC warned that "the agency has not provided further details about other uses of social media identifiers and personal communications nor has it made clear how such data will be protected."

EPIC urged the State Department to retract the proposal, pointing to the substantial privacy, free expression, and security concerns the proposal raises. EPIC highlighted past government misuse of social media monitoring techniques, such as the NSA's bulk surveillance program.

Last May, EPIC and the Brennan Center led a coalition of 55 privacy, civil liberties, and civil rights organizations in opposition to the State Department plan. EPIC's 2011 Freedom of Information lawsuit against the DHS uncovered the first federal agency plan to monitor social media. Congress held hearings and the plan was suspended.

News in Brief

DOJ to EPIC: No Records of Non-Criminal Referrals by Special Counsel

The Justice Department told EPIC last week that it has no records of any outside referrals by Special Counsel Robert Mueller for "administrative remedies, civil sanctions or other governmental action outside the criminal justice system." The disclosure comes as part of EPIC v. Department of Justice, EPIC's Freedom of Information Act lawsuit for the release of the complete Mueller Report and related Special Counsel records. EPIC obtained the annotated version of the Special Counsel's report last month and has published that version at the EPIC Bookstore. EPIC's case will go forward this summer on an expedited briefing schedule. EPIC's case is EPIC v. Department of Justice, No. 19-810 (D.D.C).

EPIC Recommends NIST Implement OECD AI Principles, Back Universal Guidelines

EPIC has filed comments with the National Institute of Standards and Technology urging the U.S. to implement the OECD Principles on Artificial Intelligence and the Universal Guidelines for AI. NIST sought information from the public on the appropriate standards U.S. AI policy. EPIC called on NIST to begin implementing the OECD principles—the first international standard for AI, which the U.S. recently endorsed. EPIC also said the agency should go further by adopting the Universal Guidelines for AI. Over 250 experts and 60 organizations, representing more than 40 countries have endorsed the UGAI, which are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights.

EPIC Seeks Memos from FTC Enforcement Director About Inaction on Facebook Consent Order

EPIC has filed a Freedom of Information Act request with the Federal Trade Commission seeking memos and internal communications about the Associate Director of the Enforcement Division James A. Kohm. Kohm is responsible for overseeing enforcement of the consent order against Facebook. Since the FTC announced the 2011 Consent Order, the FTC has never charged Facebook with a single violation of the order. In March 2018, the FTC announced an investigation of Facebook following the Cambridge Analytica scandal. 430 days have now passed with no report, no fine, and not even an update about the status of the investigation. EPIC has repeatedly urged the FTC to #EnforceTheOrder against Facebook.

House Hearing Examines TSA Profiling

The House Committee on Homeland Security held a hearing on TSA's policies to prevent unlawful profiling. In his opening statement, Chairman Thompson said "it is unconscionable that TSA has not developed better oversight procedures" to prevent discriminatory practices. EPIC recently submitted comments to the TSA on the agency's 2020 strategy for transportation security. EPIC routinely comments on TSA screening practices. EPIC successfully sued the agency to block the deployment of x-ray body scanners in US body scanners.

House Oversight Committee Holds Hearing on Facial Recognition

The House Oversight Committee held a hearing on Facial Recognition Technology (Part II): Ensuring Transparency in Government Use. EPIC submitted a statement for the Committee's earlier hearing concerning the impact of facial recognition on civil rights. EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau also proposed to exempt the database from Privacy Act protections. EPIC has sued the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.

FCC Affirms Robocall Blocking by Default to Protect Consumers

The FCC voted to confirm that voice service providers may aggressively block unwanted robocalls before they reach consumers. The Commission stated: "While many phone companies now offer their customers call blocking tools on an opt-in basis, the Declaratory Ruling clarifies that they can provide them as the default, thus allowing them to protect more consumers from unwanted robocalls and making it more cost-effective to implement call blocking programs." EPIC has long advocated for robust telephone privacy protections. Recently, EPIC submitted comments to the FCC recommending that the agency (1) require phone providers to proactively block calls from numbers that are unassigned, unallocated, or invalid; (2) prohibit spoofing if there is an intent to defraud or cause harm; and (3) encourage the use of call authentication technology that safeguards caller anonymity. EPIC filed amicus briefs earlier this year and in 2015 that strengthened consumer protections for robocalls.

Facebook Loses Appeal to Halt European High Court Review of EU-U.S. Data Transfer

The Irish Supreme Court has dismissed an appeal by Facebook to stop the highest court in Europe from reviewing the transfers of personal data from the EU to the US. Facebook appealed a referral to the Court of Justice for the European Union on whether the transfer of data to the U.S. with standard contract clauses violates fundamental rights. EPIC is participating in that case now before the Court of Justice, DPC v. Facebook, expected to be argued July 9th. Ruling against Facebook, the Irish Supreme Court said the decision to refer a case cannot be appealed and must be decided by the referring court and the Court of Justice. "It is for the referring court, and that court alone, whether to make a reference and, indeed, whether to withdraw or amend the same," the Court concluded. EPIC also recently filed a third-party intervention with the European Court of Human Rights in Big Brother Watch v. UK, arguing that the Court should carefully review UK-U.S. intelligence transfers in the case assessing UK bulk surveillance.

Court Rules D.C. Attorney General's Lawsuit Against Facebook Will Proceed

The D.C. Superior Court denied Facebook's motion to dismiss the complaint filed by D.C. Attorney General over the privacy practices that led to Cambridge Analytica. The D.C. Attorney General alleged that Facebook failed to monitor third-party use of personal data and failed to ensure users' data was deleted. The lawsuit seeks financial penalties, and an injunction to establish safeguards to protect users' data. The court ruled that the case could proceed because "District of Columbia residents' widespread utilization of, and repeated exchange of personal information through Facebook's online social networking service, constitute 'transactions.'" EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order. Facebook anticipates a $3-5 billion fine from the FTC.

Senate Passes Anti-Robocall Act 97-1

The Senate overwhelmingly passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, sponsored by Senator John Thune (R-S.D.) and Senator Ed Markey (D-Mass.). The Act would give regulators more time to find scammers, increases civil penalties, promotes call authentication and blocking techniques, and brings together federal agencies and state attorneys general to coordinate prosecution of robocallers. EPIC has long advocated for robust telephone privacy protections and regularly files amicus briefs and comments in support of stronger consumer protections against robocalls.

New Report on the FTC's Big Tech Revolving Door Problem

A new report from the consumer group Public Citizen finds extensive conflicts of interest at the Federal Trade Commission. According to Public Citizen, most top officials at the Federal Trade Commission (FTC) become lawyers and lobbyists for major technology companies after they leave the agency or bring Silicon Valley conflicts with them when they arrive. These conflicts help explain the FTC's chronic reluctance to enforce consumer protection and antitrust laws, said Public Citizen. EPIC previously urged the FTC to block anticompetitive mergers, such as Google's acquisition of DoubleClick and Facebook's acquisition of WhatsApp, as well as to enforce the pending consent order against Facebook that EPIC helped establish in 2011. EPIC even sued the FTC when the consumer agency failed to enforce the consent order against Google, following the Buzz consent order. Over 400 days have passed since the FTC announced in March 2018 that it would reopen the investigation of Facebook. But still there is no fine, no report, and no update.

EPIC in the News

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

'AI World Society Standards.' June 25, 2019. AI World, Washington, DC. Marc Rotenberg, EPIC President.

Cyber Crime Review. Aug. 8, 2019. ABA Annual Meeting, San Francisco, CA. Alan Butler, EPIC Senior Counsel.

'Designing New Digital Divides: Tech Platforms' Myth of Inclusion Drives Exclusion.' Aug. 11, 2019. Academy of Management, Boston, MA. Marc Rotenberg, EPIC President.

'In Harm's Way: Smart Regulation of Digital & Network Technology.' Aug. 12–14, 2019. Conference on Communications Policy, Aspen, CO. Marc Rotenberg, EPIC President.

41st International Data Protection and Privacy Commissioners Conference. Oct. 21–24, 2019. Tirana, Albania. Marc Rotenberg, EPIC President.

CPDP 2020: Data Protection and Artificial Intelligence. Jan. 22–24, 2020. Brussels, Belgium. Marc Rotenberg, EPIC President.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security