You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC Alert 26.20

EPIC Alert logo

1. Bill to Establish Data Protection Agency Introduced in Congress

Representatives Eshoo and Lofgren have introduced the Online Privacy Act, a comprehensive framework for data protection in the United States. The bill would establish a data protection agency, create meaningful privacy safeguards for consumers, and hold companies accountable for the collection and use of personal data.

The Online Privacy Act is based on Fair Information Practices and includes a provision on algorithmic accountability. The bill would also enable consumers to bring suit against companies when their privacy rights are violated and protect the ability of states to enact privacy statutes that are stronger than federal law.

"The Electronic Privacy Information Center carefully reviewed the privacy bills pending in Congress and we have now rated the Online Privacy Act #1," EPIC Policy Director Caitriona Fitzgerald said in a statement. "The Online Privacy Act sets out strong rights for Internet users, promotes innovation, and establishes a data protection agency. This is the bill that Congress should enact."

EPIC's report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a privacy law, including federal baseline legislation and the creation of a Data Protection Agency.

2. EPIC's Rotenberg Calls for End to Facebook Political Ads

In recent testimony before the International Grand Committee on Disinformation and Fake News, EPIC President Marc Rotenberg called for an end to Facebook's political ads. Later the same day, the Committee agreed to principles to advance the global regulation of social media.

"Until adequate legal safeguards are established, Facebook must be prohibited from selling political advertising," Rotenberg told the Committee. "The company's recently stated view of political advertising is both reckless and irresponsible." Rotenberg added that advertising revenue should "flow back to traditional media and help strengthen independent journalism."

"Facebook has adopted a view of the free expression with little regard for political debate that seeks to shield its business practices from regulatory scrutiny," EPIC's Rotenberg explained. "At the same time, Facebook is consolidating power as the gatekeeper for global news and information, determining through settings it alone what information is received, by whom, and when."

Rotenberg also urged enforcement of the GDPR. "History must not repeat itself," Rotenberg said, citing the failure of the U.S. Federal Trade Commission to act when it had the opportunity to do so.

Rotenberg later praised the Committee's resolution on the regulation of social media as "an important step forward. The Committee has recognized that self-regulation has failed and that social media firms must be subject to the rule of law and democratic institutions. EPIC fully supports the recommendation for transparency regarding the source, targeting methodology and levels of funding for all online political advertising. But the Committee will need to do more to safeguard election integrity."

The international Committee, which met this month in Dublin, is comprised of lawmakers from 14 countries, including Rep. Cicilline, chair of the House committee on antitrust.

3. EPIC to Congress: End Section 215 Surveillance Program

In advance of a hearing on reauthorizing the Freedom Act, EPIC sent a statement to the Senate Judiciary Committee urging Congress to end the NSA's phone record collection program, known as "Section 215." EPIC wrote "events of the past few years make clear that Section 215 should not be renewed."

Section 215 of the Patriot Act allowed the NSA to collect the telephone records of Americans. In 2013, following the Snowden disclosures, EPIC filed a petition with the Supreme Court challenging the lawfulness of Section 215. Congress found the 215 program was ineffective and passed the USA Freedom Act to limit data collection.

"Since Congress attempted to reform Section 215 with the USA FREEDOM Act, multiple compliance violations continue to plague the program," EPIC told Congress. "In addition to concerns about compliance, there is little evidence that the Section 215 program is effective," EPIC explained.

The Director of National Intelligence recently confirmed that the Section 215 program has been suspended. Section 215 will sunset unless Congress chooses to reauthorize the program.

4. EPIC Files Complaint With FTC About Employment Screening Firm HireVue

EPIC has filed a complaint with the FTC alleging that recruiting company HireVue has committed unfair and deceptive practices in violation of the FTC Act. The company purports to evaluate a job applicant's qualifications based upon their appearance by means of an opaque, proprietary algorithm.

EPIC charged that HireVue falsely denies it uses facial recognition. EPIC also said the company's hiring algorithms fail to comply with baseline standards for AI decision-making, such as the OECD AI Principles and the Universal Guidelines for AI.

"Because these algorithms are secret—even to HireVue itself, in some cases—it is impossible for job candidates to know how their personal data is being used or to consent to such uses," EPIC explained. "HireVue's intrusive collection and secret analysis of biometric data thus causes substantial privacy harms to job candidates."

EPIC has brought many similar consumer privacy complaints to the FTC, including a complaint on Facebook's facial recognition practices that contributed to the FTC's 2019 settlement with Facebook. Last year EPIC also asked the FTC to investigate the Universal Tennis Rating system, a secret technique for scoring high school athletes.

5. EPIC to Court: AI Commission Must Comply With FOIA

EPIC recently told a federal court that the National Security Commission on Artificial Intelligence must comply with the Freedom of Information Act. EPIC, which filed suit against the Commission in September, explained that Congress left "no doubt that the AI Commission is subject to the FOIA."

Created by Congress in 2018, the AI Commission is tasked with considering "the methods and means necessary to advance the development of" AI in a national security setting. EPIC has repeatedly urged the Commission to conduct a transparent process and to endorse the Universal Guidelines on Artificial Intelligence.

But the AI Commission has operated largely in secret and claims that it is exempt from open government laws. The Commission has received almost 200 closed-door briefings, with no published agendas and no public minutes.

EPIC's filing follows the recent release of the Commission's first major report to Congress. The report acknowledges that "AI tools present states with greater capabilities to monitor and track their citizens or those of other states," but the report criticizes the EU's "privacy-first approach" under the General Data Protection Regulation and calls for greater "government access to data on Americans."

EPIC's case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

News in Brief

European Parliament Issues Report on Law Enforcement Data Access Proposal

The influential LIBE Committee of the European Parliament has issued a long-awaited report on a proposal to create rules for law enforcement access to personal data stored outside the EU. The report of the Parliament on "e-Evidence" would revise an earlier proposal and create new safeguards, permitting access orders only when strictly necessary, restricting the circumstances when orders may be issued, limiting the use of information collected, and expanding remedies for individuals subject to unlawful access. Speaking at the European Parliament on the e-Evidence proposal last year, EPIC called for similar safeguards for law enforcement access to data, as well as data minimization, transparency, and notice to indivduals. EPIC recently led a coalition of 20 civil society organizations objecting to data access under the less protective U.S.-U.K. Agreement.

International Committee Adopts Resolution on Regulation of Social Media

The International Grand Committee on Fake News and Disinformation, meeting in Dublin, recently agreed to principles to advance the global regulation of social media. EPIC President Marc Rotenberg, who spoke earlier in the day to the Committee, praised the outcome. "This is an important step forward," said Mr. Rotenberg. "The Committee has recognized that self-regulation has failed and that social media firms must be subject to the rule of law and democratic institutions. EPIC fully supports the recommendation for transparency regarding the source, targeting methodology and levels of funding for all online political advertising. But the Committee will need to do more to safeguard election integrity." Mr. Rotenberg's prepared statement highlighted an opinion of the former European Data Protection Supervisor Giovanni Buttarelli, who said the solution to the challenge of fake news "is to be found beyond content management and transparency. We also need better enforcement of the rules on data processing, especially sensitive information such as health, political and religious views, and accountability."

EPIC, Coalition Issue Declaration on Harms of Social Media Surveillance

EPIC joined over 50 organizations in a declaration on the harms of social media surveillance by law enforcement. The groups said that social media surveillance is "often covert and conducted without oversight" and allows law enforcement "to monitor and archive information on millions of people's activities." As EPIC explained in a Spotlight on Surveillance, such surveillance "will subject more innocent people to government investigation." In an op-ed last year, EPIC Senior Counsel, Jeramie Scott, explained how private industry fuels social media monitoring, creating huge databases of personal data that is sold to law enforcement.

EPIC Seeks More Details on Secretive AI Commission Report

Following the release of a report by the National Security Commission on Artificial Intelligence, EPIC is seeking specific information about recommendations that could impact the privacy rights of Americans. EPIC previously sued the Commission to make public its records and meetings. Now EPIC wants to know why the Commission criticized the EU General Data Protection Regulation and why the Commission wants to amend U.S. privacy laws to allow "government access to data on Americans." EPIC is also curious why the Commission selectively published the names of organizations and businesses it consulted. The Commission is chaired by former Google CEO Eric Schmidt. EPIC filed suit against the Commission earlier this year to ensure transparency and public participation. The Commission has held more than 200 closed-door meetings. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C).

EPIC Urges D.C. City Council to Ban Face Recognition on Body Cameras

In a statement to the D.C. City Council, EPIC urged council members to ban the use of facial recognition technology on police-worn body cameras. The Council held a public roundtable to assess the use of police body-worn cameras by the Metropolitan Police Department. EPIC described the growing opposition to facial recognition technology in the United States as well as internationally. EPIC previously testified before the City Council on body cameras, stating there are "more productive means to achieve police accountability that do not carry the risk of increasing surveillance." A 2017 study of MPD body cameras found that the cameras had no impact on police use of force and civilian complaints.

EPIC, Coalition Call on DHS to Withdraw Social Media Data Collection Plan

EPIC, the Brennan Center and over 40 organizations have opposed the Department of Homeland Security plan to collect social media identifiers from immigrants and foreign travelers. The civil liberties coalition warned of the "chilling effect on speech, intrusion of privacy, and disparate impact" the plan would have. As EPIC explained in a Spotlight on Surveillance, government collection of social media data raises substantial privacy and civil liberties concerns. EPIC previously opposed a proposal by the DHS to collect social media identifiers. In EPIC v. DHS, a 2011 Freedom of Information Act case, EPIC uncovered the first agency plan to monitor social media.

Senator Booker Introduces Legislation Banning Face Surveillance in Public Housing

Presidential Candidate Cory Booker has introduced the No Biometric Barriers to Housing Act, a bill to ban the use of facial recognition technology in public housing. "Facial recognition technology has been repeatedly shown to be incomplete and inaccurate, regularly targeting and misidentifying women and people of color. We need better safeguards and more research before we test this emerging technology on those who live in public housing and risk their privacy, safety, and peace of mind," Senator Booker said. Congresswoman Yvette Clarke (D-NY) introduced similar legislation in the House in July. The House bill now has 10 cosponsors. EPIC recently testified before the Massachusetts Legislature in support of a moratorium on face surveillance. EPIC also organized a civil society declaration endorsed by over 80 organizations and 650 individuals to suspend the deployment of facial surveillance technology.

EPIC to Congress: Protect U.S. Consumer Data from Foreign Adversaries

In a statement to the Senate Judiciary Committee, EPIC urged lawmakers to pass legislation to safeguard consumer data from foreign adversaries. Prior to a hearing on "How Corporations and Big Tech Leave Our Data Exposed to Criminals, China, and Other Bad Actors," EPIC explained that "U.S. businesses, with their vast collections of personal data, remain the target of cyber-attack by criminals and foreign adversaries." EPIC warned the Senate about foreign access to consumer data in testimony over two years ago. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress, sets out the key elements of a privacy law, including federal baseline legislation and the creation of a Data Protection Agency.

Report Raises New Concerns About Privacy Safeguards for U.S. AI Deployment

A recent report released by the National Security Commission on Artificial Intelligence raises new concerns about privacy and human rights safeguards for the use of AI by the federal government. The report to Congress acknowledges that "AI tools present states with greater capabilities to monitor and track their citizens or those of other states" and that AI "increases the risk of human rights abuses or violation of individual privacy[.]" The Commission also calls for AI uses that are "consistent with constitutional principles of due process, individual privacy, equal protection, and non-discrimination." But the report criticizes the EU's "privacy-first approach" to AI, calling the GDPR "a significant obstacle in any efforts to standardize privacy regulations," even though many leading US companies have agreed to comply with the privacy law. The Commission's report was drafted almost entirely in secret, in violation of multiple open government laws. In September, EPIC filed suit against the Commission to ensure transparency and public participation. EPIC's case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Appeals Court: Trump Tax Returns Must Be Disclosed to Prosecutor

A federal appeals court has ruled that President Trump's accountants must turn over eight years of the President's personal tax returns to the Manhattan district attorney. The Second Circuit Court of Appeals rejected the President's attempt to block a grand jury subpoena for the returns, finding "no support" for the argument "that a President's private and nonā€privileged documents may be absolutely shielded from judicial scrutiny." EPIC previously sought President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President about his taxes. In EPIC v. IRS II, EPIC is seeking "offers-in-compromise" and related tax records of President Trump and his businesses.

EPIC Opposes Google-Fitbit Deal

In a statement released last week, Marc Rotenberg said that EPIC would oppose Google's proposed acquisition of the fitness tracking company Fitbit. Mr. Rotenberg said the deal should not be approved. "There is no reason to trust Google's assurances about privacy protection," Mr. Rotenberg said, citing previous matters involving Doubleclick, YouTube, Google HomeMini, and Nest. Noting statements antitrust enforcement by the the FTC Chairman and the Assistant Attorney General, Mr. Rotenberg also said, "The Google-Fitbit deal is a test of their commitment to competition, innovation, and data protection." EPIC brought the 2012 case against the FTC for the agency's failure to enforce the 2011 consent order against Google after the company consolidated user data across multiple services.

Ralph Nader, Color of Change Endorse U.S. Data Protection Agency

In a New York Times article, consumer advocate Ralph Nader endorsed the creation of a data protection agency. Nader told the Times that the U.S. needs a "new agency when the abuse pattern is so expansive that the authority in the existing agencies is obsolete and inadequate." Rashid Robinson, President of Color of Change, said "We need to have a new data protection agency, an agency that examines the social, ethical impact of high-risk data practices." EPIC and consumer groups have urged Congress to establish a data protection agency. EPIC has long advocated for a U.S. Data Protection Agency, noting that the United States is one of the few democracies in the world that does not have a federal data protection agency.

Senators Propose Alternative to "Opaque Algorithms"

A bipartisan group of Senators has introduced legislation that would give users the option to engage with a platform without being manipulated by algorithms driven by user-specific data. The Filter Bubble Transparency Act, sponsored by Senators Thune (R-SD), Blumenthal (D-CT), Moran (R-Kan.), Blackburn (R-Tenn.) and Warner (D-Va.), would require large platforms to provide users with the option of a filter bubble-free view of the information they provide. "This legislation is about transparency and consumer control," said Senator Thune. EPIC board member Shoshana Zuboff said, "Filter bubbles divide and conquer. The Filter Bubble Transparency Act begins the work of breaking this manipulative and divisive cycle." However, the bill stops short of requiring Internet companies to reveal the algorithms used to manipulate users. EPIC first warned the Federal Trade Commission about the risk of opaque search algorithms in 2011. EPIC has since advocated for Algorithmic Transparency and urged adoption of the Universal Guidelines for AI. In a 2017 statement for the Senate Commerce Committee EPIC wrote, "It is becoming increasingly clear that Congress must regulate AI to ensure accountability and transparency."

AI Commission Finalizes Report to Congress in Secret

The National Security Commission on Artificial Intelligence held yet another closed-door meeting last month to finalize its upcoming report to Congress and the President. Created by Congress in 2018, the AI Commission is tasked with considering "the methods and means necessary to advance the development of" AI to address national security and defense needs. But the Commission has operated almost entirely in secret, unlawfully denying the public access to its meetings and withholding nearly all of its records. In September, EPIC filed an open government lawsuit against the AI Commission to ensure transparency and public participation. EPIC's case is EPIC v. AI Commission, No. 19-2906 (D.D.C.).

Supreme Court Hears Arguments in Case Implicating License Plate Readers

The Supreme Court recently heard arguments in Kansas v. Glover, a case concerning car stops and the status of the registered owner's license. EPIC filed an amicus brief in the case which could lead to police stopping any vehicle if the registered owner's license is suspended. EPIC warned that the Court's decision, when combined with automated license plate readers, could "dramatically alter police practices" and "unfairly burden disadvantaged communities." EPIC provided empirical data for the Court that indicate that police use license plate readers more frequently in disadvantaged communities. EPIC also provided data that car sharing is more prevalent in these communities and therefore that many drivers whose license is not suspended will be stopped. EPIC noted that the Supreme Court has previously established legal safeguards in response to evolving policing techniques, such as GPS tracking devices, (United States v. Jones), cell phones searches (Riley v. California), and location data collection (Carpenter v. United States). EPIC recommended that the Court recognize the role of automated license plate readers in police stops. EPIC routinely files amicus briefs in federal and state courts concerning emerging privacy issues.

EPIC FOIA Lawsuit: Kavanaugh at White House Defended Warrantless Surveillance

New emails released in EPIC's lawsuit show that Justice Kavanaugh, as a White House adviser, defended the controversial warrantless wiretapping program that Congress ended in 2015. Following a New York Times article which revealed government wiretapping without judicial authority, Kavanaugh circulated legal justifications for the program. The emails obtained by EPIC also show that Kavanaugh and then Justice Department lawyer Neil Gorsuch placed a USA Today op-ed defending the program. In the nomination hearing for the federal appeals court, Kavanaugh downplayed his role in the wiretapping program, though judge Kavanaugh later defended the NSA program based on a novel legal theory that leading scholars disputed. Documents previously obtained by EPIC revealed that Kavanaugh exchanged hundreds of emails with White House and DOJ staff about the NSA surveillance program.

EPIC in the News

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The AI Policy Sourcebook 2019, edited by Marc Rotenberg (2019)

The AI Policy Sourcebook includes global AI frameworks such as the OECD AI Principles and the Universal Guidelines for AI. The Sourcebook also includes AI materials from the European Union and the Council of Europe, national AI initiatives, as well as recommendations from professional societies, including the ACM and the IEEE. The Sourcebook also includes an extensive resources section on AI, including reports, articles, and books from around the world.

EPIC v. Department of Justice: The Mueller Report, edited by Marc Rotenberg (2019)

EPIC v. Department of Justice: The Mueller Report chronicles the efforts to obtain a full account of Russian interference in the 2016 presidential election. EPIC filed the first lawsuit in the country for the release of the full and unredacted Mueller Report and obtained a newly redacted version in early May 2019. EPIC is now challenging the redactions made by the Department of Justice in federal court. This volume is an essential guide to the legal arguments about the redactions, the dispute between the Attorney General and the Special Counsel, and EPIC's request for the Mueller Report and other records about Russian interference in the 2016 presidential election.

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

Privacy and Personal Data Protection Enforcement. Nov. 18, 2019. EPIC and the UK ICO. OECD. Paris, France. Marc Rotenberg, EPIC President.

Convention 108+ And the Future Data Protection Global Standard. Nov. 19, 2019. Council of Europe. Strasbourg, France. Marc Rotenberg, EPIC President.

Privacy Legislation: The Times They Are A Changin. Nov 21, 2019. Georgetown Law Advanced eDiscovery Institute. Washington, DC. Marc Rotenberg, EPIC President.

Yale CEO Leadership Forum. Dec. 17-18, 2019. New York, NY. Marc Rotenberg, EPIC President.

2020 Aspen Institute Roundtable on Artificial Intelligence. Jan. 12-14, 2020. Santa Barbara, CA. Marc Rotenberg, EPIC President.

EPIC International Champion of Freedom Awards. Jan. 22, 2020. Brussels, Belgium.

CPDP 2020: Data Protection and Artificial Intelligence. Jan. 22–24, 2020. Brussels, Belgium. Marc Rotenberg, EPIC President.

EPIC Champion of Freedom Awards Dinner. June 3, 2020. Washington, DC.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security