Patel v. Facebook
Whether collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing
- Facebook Asks Supreme Court to Review Face Scan Decision: Facebook has filed a petition asking the Supreme Court to review a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance. (Dec. 5, 2019)
- Ninth Circuit Leaves in Place Case that Allows Users to Sue Facebook for Face-Scans: A federal appeals court has let stand a ruling that users can sue Facebook for collecting and using their facial images. The court previously held in Patel v. Facebook that an Illinois biometrics law protects "concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that the violation of a privacy law is sufficient for users to sue a company. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. (Oct. 23, 2019)
- Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition: A federal appeals court has ruled that users can sue Facebook for collecting and using their facial images. In Patel v. Facebook, users contend that Facebook violated an Illinois biometric privacy law by creating biometric templates of their faces without their consent. The court found that the Illinois law "protects the plaintiffs' concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." The court cited the common law roots of the right to privacy and also noted that "the Supreme Court has recognized that advances in technology can increase the potential for unreasonable intrusions into personal privacy." EPIC filed an amicus brief in the case, arguing that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC wrote the "Illinois Biometric Information Privacy Act imposes, by statute, legal obligations on companies that choose to collect and store individuals' biometric data." EPIC said that plaintiffs must only "demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Last year, EPIC filed an amicus brief in Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. EPIC routinely submits briefs in support of consumers' right to sue in privacy case. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. (Aug. 8, 2019)
More top news »
- EPIC, Coalition Calls for Surveillance Reforms in Response to DOJ Surveillance of Congress and Reporters » (Jun. 18, 2021)
In a
coalition letter, EPIC and more than twenty civil society groups called for reforms to surveillance statutes authorizing collection of sensitive information and gag orders. The letter follows
recent revelations that the Department of Justice spied on members of Congress and the press by collecting their communications and issued gag orders to hide that surveillance. The coalition also called for a thorough investigation by Congress and the DOJ. EPIC recently
endorsed a bill to stop government use of facial recognition and other biometric surveillance tools.
- Senator Markey Introduces Bill to Ban Face Surveillance » (Jun. 15, 2021)
Senator Edward J. Markey (D-Mass.), along with Senators Merkley, Sanders, Warren, and Wyden, as well as Congresswomen Jayapal, Pressley, and Tlaib today
introduced legislation to stop government use of biometric surveillance, including facial recognition tools. The
Facial Recognition and Biometric Technology Moratorium Act prohibits the use of facial recognition and other biometric technologies by federal agencies, including Customs and Border Protection. "Facial recognition poses a significant threat to our democracy and privacy,"
said Caitriona Fitzgerald, Deputy Director, Electronic Privacy Information Center (EPIC). "Facial recognition technology has been shown time and time again to be biased, inaccurate, and disproportionately harmful to people of color. The Facial Recognition and Biometric Technology Moratorium Act of 2021 would effectively ban law enforcement use of this dangerous technology. EPIC is proud to support it.” EPIC leads a campaign to
Ban Face Surveillance and through the
Public Voice Coalition has gathered support from over 100 organizations and experts from more than 30 countries. Recently, in an
open letter EPIC and a coalition of more than 175 civil society organizations and prominent individuals called for "an outright ban on uses of facial recognition and remote biometric recognition technologies that enable mass surveillance and discriminatory targeted surveillance."
- Biden Administration Abandons DHS Plans to Expand Biometric Collection » (May. 11, 2021)
According to a
news report, the Biden Administration plans to rescind a
proposed rule to massively expand the collection of biometric information from immigrants. The rule, proposed towards the end of the Trump Administration, would have granted the Department of Homeland Security broad authority to collect biometric data from immigrants and their families and associates. The rule would have enabled the collecting of palm prints, iris images, voiceprints, DNA, and images for facial recognition regardless of age. In
comments to the Department of Homeland Security, EPIC opposed the rule and urged the agency to rescind the proposed rule. EPIC argued that DHS']s broad authorization to collect biometrics was incompatible with the Department's Fair Information Practice Principle. EPIC also specifically called on the agency to suspend the use of facial recognition technology. Last year, EPIC, joined by over 40 organizations
called for the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- EPIC, Coalition Urge DHS to Rescind CBP's Proposed Biometrics Rulemaking » (Mar. 10, 2021)
In a
letter to Secretary of Homeland Security Alejandro Mayorkas, EPIC and a coalition of civil rights, civil liberties, immigrant's rights, technology, and privacy organizations urged the agency to rescind a Notice of Proposed Rulemaking massively expanding Customs and Border Protection's (CBP's) use of biometrics, and to suspend the use of facial recognition across DHS. The NPRM was originally issued November 19, 2020 and re-published on February 9, 2021 in a sign that DHS and the Biden Administration intend to go forward with the rulemaking. EPIC submitted
comments on the original NPRM, urging CBP to suspend its use of facial recognition, or in the alternative use only 1:1 face comparison. Earlier, EPIC
voiced opposition to a broader DHS rulemaking authorizing widespread use of biometrics, including facial recognition, throughout the agency.
- EPIC, Coalition Call on Biden Administration to Abandon "Virtual Border Wall," Invest in Migrant Communities » (Feb. 25, 2021)
In
letter to the Biden administration, EPIC and a coalition of 40 privacy, immigration, and civil liberties organizations urged the administration to abandon the proposed
U.S. Citizenship Act of 2021 as an extension of the Trump administration's border policy. The proposed legislation would direct DHS to deploy a bevy of biometric and other surveillance technologies at points of entry and along the southern border. The letter describes how such technologies endanger the lives of migrants by pushing them onto more dangerous travel routes. The use of surveillance technologies at the border inevitably extends into the interior, where they are deployed against protesters, communities of color, and indigenous peoples. EPIC recently urged DHS to
rescind a proposed rule increasing the agency's collection of biometric information.
- EPIC, Coalition Urge NYPD to Limit Use of Surveillance Technologies and Disclose More Information on Their Use » (Feb. 25, 2021)
In
comments to the New York Police Department, EPIC called for meaningful limits on the use of mass surveillance technologies including facial recognition, airplanes and drones, automated license plate readers, and social media monitoring tools. EPIC also joined with privacy and civil liberties advocates and academics in
coalition comments urging the NYPD to make a good faith effort to meet the requirements of the Public Oversight of Surveillance Technologies (POST) Act. The POST Act requires the NYPD to publish impact statements and use policies for 36 surveillance technologies. The Department's draft policies fail to disclose necessary information including detailed data storage, retention, and auditing practices, do not name the vendors of these technologies, and gloss over systemic racial discrimination in the use of these technologies with boilerplate language. The disclosures illuminate the use of technologies by the NYPD that enable mass surveillance and have extensive documented risks of bias and inaccuracy. EPIC leads a campaign to
Ban Face Surveillance, and through the
Public Voice coalition gathered support from over 100 organizations and experts from more than 30 countries.
- EPIC Urges NIST to Adopt Privacy-Protective Standards for Federal ID Cards » (Feb. 2, 2021)
In
comments responding to the National Institute of Standards and Technology's
draft Federal Information Processing Standards for personal identity verification (ID cards and digital identity verification), EPIC urged the agency to adopt more privacy protective technology for federal employees and contractors. EPIC drew upon expertise from the Advisory Board for these comments. EPIC recently
urged the Department of Homeland Security to suspend a new counterintelligence system of records which will collect biometric information. EPIC previously
urged the Department of Transportation to provide more privacy protections for federal employees in the Insider Threat database.
- Hamburg DPA Deems Clearview AI's Biometric Photo database Illegal, Orders a Partial Deletion of Profile » (Jan. 28, 2021)
The Hamburg Data Protection Authority has
ruled that Clearview AI’s searchable database of biometric profiles is illegal under the EU’s GDPR and
ordered the U.S. company to delete the claimant’s biometric profile. Clearview AI scrapes photos from websites to create a
searchable database of biometric profiles. The database, which is marketed to private companies and U.S. law enforcement, contains over
3 billion images gathered from websites and social media. The claimant submitted a complaint to the Hamburg DPA after discovering that Clearview AI had added his biometric profile to the searchable database without his knowledge or consent. The DPA ordered Clearview to delete the mathematical hash values representing his profile but did not order Clearview to delete his captured photos. The DPA’s narrow order protects only the individual complainant because it is not a pan-European order banning the collection of any EU resident’s photos. The DPA decided that Clearview AI must comply with the GDPR, yet this narrow order places a burden on Europeans to have their profiles removed from the database. EPIC has long opposed systems like Clearview AI, filing an
amicus brief before the 9th Circuit defending an individual's right to sue companies who violate BIPA and other privacy laws, submitting
FOIA requests with several government agencies that use Clearview AI technology, and
urgingthe Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- EPIC to Maryland Legislators: Enact Biometric Privacy Law » (Jan. 27, 2021)
EPIC Senior Counsel Jeramie Scott testified today to Senate and House Committees of the Maryland General Assembly in support of legislation protecting biometric information privacy. HB218 and SB16 are modeled after the Illinois Biometric Information Privacy Act (BIPA). Passed in 2008, BIPA has been referred to as one of the most effective and important privacy laws in America. "Unlike a password or account number, a person’s biometrics cannot be changed if they are compromised," EPIC told the Committees. EPIC stressed the importance of strong enforcement measures in privacy laws, particularly a private right of action. EPIC also submitted a recent case study on the Illinois law written by EPIC Advisory Board member Woody Hartzog. EPIC previously filed an amicus brief in Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. [Watch the hearing]
- EPIC Urges DHS to Suspend New Counterintelligence Records System » (Jan. 13, 2021)
EPIC submitted
comments to the Department of Homeland Security in response to a
system of records notice and
proposed exemptions from Privacy Act requirements for a new counterintelligence records system. DHS's proposed records system would permit nearly limitless collection of sensitive personal information and unchecked disclosure of that information to state, local and international agencies, and to private companies. DHS's proposed exemptions would eliminate all individual rights under the Privacy Act and exempt DHS from basic Privacy Act requirements, including limiting data collection to necessary information. EPIC recently
insisted that DHS rescind a proposed expansion of the use of biometrics, including facial recognition, across the agency.
- EPIC Urges CBP to Halt Use of Facial Recognition for Biometric Entry/Exit » (Dec. 21, 2020)
EPIC submitted
comments to U.S. Customs and Border Protection (CBP) in response to a
Notice of Proposed Rulemaking that would drastically expand CBP’s use of facial recognition at airports and land border crossings. EPIC urged the agency to stop using facial recognition to identify travelers. EPIC criticized CBP’s implementation of Biometric Entry/Exit for the agency's failure to even follow its own Fair Information Practice Principles. EPIC recently
insisted that DHS rescind a proposed expansion of the use of biometrics, including facial recognition, across the agency. Earlier this year, an EPIC-led coalition
called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- EPIC Urges Advisory Council to Address Privacy Risks of DHS’s Use of Biometrics » (Dec. 11, 2020)
In response to a report by the Homeland Security Advisory Council’s Biometric Subcommittee, EPIC urged the Council to table the report until they can address the privacy and civil liberties implications of the Department of Homeland Security’s collection and use of biometrics in full. The Biometric Subcommittee was tasked with examining DHS use and collection of biometrics. The Subcommittee’s report failed to address a rule proposed in September that would broadly expand DHS use of biometrics. EPIC previously argued that the proposed rule, giving DHS broad authorization for biometric collection, was incompatible with the department's Fair Information Practice Principles.
- EPIC Opposes DHS's Plans to Broadly Expand Biometric Collection » (Oct. 14, 2020)
In
comments to the Department of Homeland Security and U.S. Citizenship and Immigration Services, EPIC urged the agency to rescind a
proposed rule to broadly permit DHS to collect biometric from immigrants, their families, and associates. DHS's rule would enable the collection of palm prints, iris images, voiceprints, DNA, and images for facial recognition. EPIC argued that DHS's broad authorization of biometric collection was incompatible with the department's Fair Information Practice Principles. EPIC also specifically called on the agency to suspend the use of facial recognition technology. EPIC
previously urged DHS to extend the comment period on this NPRM from 30 days to a standard 60-days for major rulemakings. EPIC consistently opposes biometric collection at DHS. In April EPIC
urged DHS to narrow both the use and Privacy Act exemptions for its Insider Threat Database linking biometrics to personal information. Earlier this year, EPIC, joined by over 40 organizations
called for the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- EPIC Urges DHS to Extend Comment Period on Massive Expansion of Biometric Data Collection » (Oct. 1, 2020)
In a
letter to the Department of Homeland Security, EPIC urged DHS to provide the standard 60-day comment period for a
notice of proposed rulemaking authorizing DHS to expand its biometric data collection practices. DHS would be able to collect finger/palm prints, images for facial recognition, DNA, iris images, and voiceprints from a broad swath of the population, including millions of citizens. The proposed rule would subject immigrants to "continuous vetting" surveillance up-to and even past the time they obtain citizenship. In 2018 EPIC
urged CBP to suspend its biometric entry/exit program. EPIC currently leads a campaign to
Ban Face Surveillance.
- CBP Failed to Protect Sensitive Biometric Information in Test of Facial Recognition Program » (Sep. 24, 2020)
In a new
report, the Inspector General for the Department of Homeland Security found that Customs and Border Protection failed to safeguard pictures of travelers obtained for a facial recognition pilot program, the Biometric Entry-Exit Program. The pictures were exposed in a data breach of a CBP subcontractor, Perceptics, LLC. OIG found that the CBP failed to undertake sufficient information security practices to prevent Perceptics from obtaining the data. At least 17 of the images were ultimately released on the dark web. EPIC leads an ongoing campaign to
Ban Face Surveillance. In 2018, EPIC
urged CBP to suspend its Biometric Entry-Exit Program. EPIC previously obtained documents on that program through a FOIA
lawsuit.
- Professors Hartzog and Richards: Clearview AI Gets Privacy and First Amendment Wrong » (Sep. 14, 2020)
In a recent Boston Globe
op-ed Professors Woody Hartzog, an EPIC Advisory Board member, and Neil Richards assert that Clearview AI's claim of a First Amendment right to scrape, analyze, and disseminate publicly available photos is a threat to privacy that misunderstands the right to free speech. Clearview AI's claim is a response to a lawsuit filed under Illinois' Biometric Information Privacy Act (BIPA) challenging the company’s collection of photos and sale of facial recognition services. EPIC filed an
amicus brief before the 9th Circuit defending an individual's right to sue companies who violate BIPA and other privacy laws. Recently EPIC filed
FOIA requests with several government agencies revealed as users of Clearview AI technology. Earlier this year, EPIC and over 40 organizations
urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- GAO Report: CBP Needs to Address Privacy Issues with Facial Recognition Deployment » (Sep. 3, 2020)
A
report by the Government Accountability Office found that Customs and Border Protection needs to address privacy issues with the agency's deployment of facial recognition technology at ports of entry. CBP currently deploys facial recognition at 27 airports as part of their
Biometric Entry-Exit Program. The GAO found that CBP has not provided adequate privacy notices or information on opting out of facial recognition to the public. Additionally, the agency has failed to implement a plan to audit privacy compliance by airline partners involved in the program. EPIC has previously explained to
Congress and the
CBP that its Biometric Entry-Exit program unfairly burdens travelers exercising their rights to opt-out of facial recognition. EPIC has
called on Congress to suspend facial recognition at airports and earlier this year
urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.
- Amazon Claims 'Halo' Device Will Monitor User's Voice for 'Emotional Well-Being' » (Sep. 1, 2020)
Despite the exceptional privacy risks of
biometric data collection and
opaque, unproven algorithms, Amazon last week unveiled
Halo, a wearable device that purports to measure "tone" and "emotional well-being" based on a user's voice. According to Amazon, the device "uses machine learning to analyze energy and positivity in a customer's voice so they can better understand how they may sound to others[.]" The device also monitors physical activity, assigns a sleep score, and can scan a user's body to estimate body fat percentage and weight. In recent years, Amazon has come under fire for its development of
biased and inaccurate facial surveillance tools, its
marketing of home surveillance camera Ring, and its
controversial partnerships with law enforcement agencies. Last year, EPIC filed a Federal Trade Commission
complaint against
Hirevue, an AI hiring tool that claims to evaluate "cognitive ability," "psychological traits," and "emotional intelligence" based on videos of job candidates. EPIC has long advocated for
algorithmic transparency and the adoption of the
Universal Guidelines for AI.
- Bill to Ban Face Surveillance Introduced in Congress » (Jun. 25, 2020)
Senator Edward J. Markey (D-Mass.), along with Senator Jeff Merkley (D-Ore.), Congresswoman Pramila Jayapal (WA-07) and Congresswoman Ayanna Pressley (MA-07) today
introduced legislation to stop government use of biometric surveillance, including facial recognition tools. The
Facial Recognition and Biometric Technology Moratorium Act prohibits the use of facial recognition and other biometric technologies by federal agencies, including Customs and Border Protection. “The use of face surveillance technology needs to end. Face surveillance violates Americans’ right to privacy, treats all individuals as suspicious, and threatens First Amendment-protected rights,” said Caitriona Fitzgerald, EPIC Interim Associate Director and Policy Director. “The technology has been shown time and time again to be biased and inaccurate, frequently misidentifying people of color. EPIC has repeatedly called for a moratorium on the use of face surveillance and the Facial Recognition and Biometric Technology Moratorium Act of 2020 would stop the use of this dangerous technology. EPIC is proud to support it.” EPIC recently
settled a Freedom of Information Act
lawsuit against Customs and Border Protection regarding the agency's "alternative screening procedures" to determine whether travelers are able to to opt-out of facial recognition at airports. EPIC has launched a campaign to
Ban Face Surveillance. Previously,
EPIC and a coalition urged the Privacy and Civil Liberties Oversight Board to suspend the use of face surveillance systems across the federal government. And last year, the Public Voice coalition called for a global moratorium on face surveillance.
- DHS Proposes Database to Link Biometric Data, EPIC will Oppose » (Apr. 1, 2020)
The Department of Homeland Security has published a
Systems of Record Notice for the "Enterprise Biometric Administrative Records." The DHS seeks to link personal data in the IDENT biometric database to unique machine-generated identifiers. IDENT contains personal data on both U.S. citizens and non-U.S. persons.The IDENT database is tied to biometric databases maintained by the FBI, the Department of Defense, and the State Department. DHS also announced a
Notice of Proposed Rulemaking that proposes to exempt the Enterprise Biometric Administrative Records database from many of the protections of the Privacy Act. EPIC is currently pursuing a
Freedom of Information lawsuit against the State Department for information about the disclosure of personal biometric data to other federal agencies. Public comments on the Enterprise Biometric Administrative Records
System of Record Notice or
Notice of Proposed Rulemaking are due April 10 and April 15 respectively. EPIC will urge the DHS to suspend the project. And if the agency goes forward, EPIC will urge the agency to comply with all of the requirements of the federal Privacy Act.
- In FOIA Case, EPIC Obtains Details on State Department's Facial Recognition Program » (Feb. 19, 2020)
In response to EPIC's Freedom on Information Act
lawsuit, EPIC v. State, the State Department has provided EPIC with
several agency agreements concerning State Department facial recognition program. The Consular Consolidated Database contains millions of images from visa and passport applicants, which other federal agencies are now accessing for purposes unrelated to the processing of visa and passport application. The State Department agreements include the
Labor,
Interior, and
Defense Departments. Several of the documents EPIC obtained concealed the name of the federal agency accessing the State Department database. In a related EPIC
FOIA lawsuit, EPIC obtained
documents concerning Customs and Border Protection use of images from the State Department.
- "A Big Victory for Privacy Groups" - Facebook Settlement » (Jan. 30, 2020)
This week Facebook agreed to pay $550 million to
settle a lawsuit about the use of facial recognition technology. The New York Times called the
settlement "A Big Victory for Privacy Groups." In 2010, EPIC objected to Facebook's collection of biometric data and
urged the FTC to modify a proposed settlement to limit Facebook's use of facial recognition. EPIC filed similar complaints about facial recognition with the FTC in
2016 and
2018. EPIC also filed several
amicus briefs stating that the violation of a federal privacy law is sufficient to confer "standing," the right of consumers to bring lawsuits. In
response to Facebook's challenge to the Illinois Biometric Privacy Act, EPIC
wrote, "Judicial second-guessing of statutory protections for biometric data established by the state legislature, following a careful weighing of the public safety concerns, will come at an enormous cost to the privacy of Illinois residents." EPIC's views were adopted by a
federal court in
this case, which led to the recent settlement with Facebook. The text of the Illinois privacy law is available in the
2020 EPIC Privacy Law Sourcebook at the
EPIC Bookstore. And EPIC's
objections to the current FTC settlement with Facebook are now pending in federal court.
- Supreme Court Declines to Review Facebook Face Scan Case » (Jan. 21, 2020)
The U.S. Supreme Court
will leave in place a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In
Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an
amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of
biometric data and has opposed
Facebook's use of
facial recognition software. EPIC and others recently called for a
global moratorium on facial recognition. EPIC recently launched a
campaign and resource page to ban face surveillance.
- CBP Drops Airport Face Scanning Proposal » (Dec. 5, 2019)
Customs and Border Protection has
removed its
proposal to require U.S. citizens to undergo mandatory face recognition at airports, following widespread protest. Currently, only foreign nationals are required to undergo
facial screening at airports. According to a CBP spokesperson, the agency has "no current plans to require U.S. citizens to provide photographs upon entry and exit from the United States," and that it "intends to have the planned regulatory action...removed from the unified agenda next time its published." Senator Ed Markey previously
blasted CBP's proposal. After CBP reversed its proposed plan, Senator Markey
stated "we cannot take our right to privacy for granted. Americans still need protection from facial recognition technology..." and that the planned to introduce legislation to ban biometric surveillance. EPIC is pursuing a
lawsuit to uncover documents about the opt-out procedures in CBP's Biometric Entry-Exit program. Congress has explained to
Congress and the
agency that its Biometric Entry-Exit program unfairly burdens travelers exercising their rights to opt-out of biometric identification. EPIC recently launched a
global campaign calling for a moratorium on the use of face recognition for mass surveillance.
- Facebook Asks Supreme Court to Review Face Scan Decision » (Dec. 5, 2019)
Facebook has filed a
petition asking the Supreme Court to review a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In
Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an
amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of
biometric data and has opposed
Facebook's use of
facial recognition software. EPIC and others recently called for a
global moratorium on facial recognition. EPIC recently launched a
campaign and resource page to ban face surveillance.
- Swiss Sign Convention 108+, 35 Countries Back Privacy Convention » (Nov. 21, 2019)
This week, Switzerland
signed the
Modernized International Privacy Convention. With the Swiss signature thirty-five countries now back Convention 108+. The Council of Europe Convention 108+ is the first and only binding international legal instrument for data protection. Updated in 2018, the Modernized Convention includes new provisions on biometric data,
algorithmic transparency, enhanced oversight. Non-members of the Council of Europe are able to sign the Convention, and EPIC and consumer groups
have long
urged the United States to ratify the international Privacy Convention.
- Congress to Consider Moratorium on Facial Recognition » (Aug. 22, 2019)
POLITICO
reports that House leaders will consider a moratorium on funding facial recognition following a House Oversight Committee
hearing on DHS facial recognition programs. Prior to the hearing, EPIC briefed members of the House committee about the
entry-exit program at US airports. Air travelers have reported that it is difficult to opt-out and the agency has still not conducted a required rulemaking. Last month, EPIC led a coalition of over 35 organizations
urging Congress to halt the use of face recognition on the general public. In a
statement in April to the House Appropriations Committee, EPIC recommended that Congress halt the funding for the facial recognition program at TSA, also within the DHS. After a
Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT)
called for the suspension of the program.
- Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition » (Aug. 8, 2019)
A federal appeals court has
ruled that users can sue Facebook for collecting and using their facial images. In
Patel v. Facebook, users contend that Facebook violated an Illinois biometric privacy law by creating biometric templates of their faces without their consent. The court found that the Illinois law "protects the plaintiffs' concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." The court cited the common law roots of the right to privacy and also noted that "the Supreme Court has recognized that advances in technology can increase the potential for unreasonable intrusions into personal privacy." EPIC filed an
amicus brief in the
case, arguing that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC wrote the "Illinois Biometric Information Privacy Act imposes, by statute, legal obligations on companies that choose to collect and store individuals' biometric data." EPIC said that plaintiffs must only "demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Last year, EPIC filed an amicus brief in
Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. EPIC
routinely submits briefs in support of consumers' right to sue in privacy case. EPIC has also long advocated for limits on the use of
biometric data and has opposed
Facebook's use of
facial recognition software.
- Privacy Board to Review Use of Biometrics at Airports, Privacy of Passenger Data, and FBI Surveillance » (Jun. 26, 2019)
The
Privacy and Civil Liberties Oversight Board has announced three new oversight projects. The PCLOB reviews federal agency programs to ensure they do not diminish privacy and civil liberties. The Board said it
will review: (1) the use of biometrics, such as facial recognition, in airports; (2) how the FBI queries data collected under the Foreign Intelligence Surveillance Act's Section 702, including searches for US person information called "backdoor searches"; and (3) oversight of passenger identity databases used by airlines. Earlier this year, EPIC sent a
statement to the Board urging limits on the government use of facial recognition and and end to backdoor searches. In 2012, EPIC sent a
detailed statement to PCLOB outlining priorities for the agency. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the
EPIC Champion of Freedom Award.
- EPIC to Congress: Suspend Facial Recognition at Airports » (Jun. 13, 2019)
Earlier this week, the House Homeland Security Committee held a closed-door roundtable briefing on the use of facial recognition technology by the Department of Homeland Security. The Committee met with privacy and civil liberties advocates, including EPIC Senior Counsel, Jeramie Scott. Mr. Scott
highlighted EPIC's Freedom of Information Act work related to the use of face recognition at airports. Documents obtained by EPIC, and
featured at Buzzfeed, revealed significant flaws in the technology. EPIC highlighted these problems in
comments to the agency and an
op-ed. Speaking to Members of Congress, Mr. Scott recommended that the facial recognition program to be suspended, and pointed to the recent
breach of photos and other sensitive information collected by the agency.
- EPIC Sues State Department About Secret Facial Recognition Database » (May. 20, 2019)
EPIC filed a
lawsuit today to compel the State Department to release information about the transfer of facial images, gathered from visa and passport applicants, to other federal agencies. EPIC explained to the federal court in Washington, DC that the Customs and Border agency is now using those images in an unlawful border system. EPIC has
called for the suspension of the CBP program. Senators Markey and Lee have also
opposed expansion of the CBP program to U.S. citizens. In a related FOIA
lawsuit, EPIC obtained
documents concerning CBP's facial recognition program. A
summary report revealed that the system did not perform operational matching at a "satisfactory" level.
- EPIC FOIA: Massive DHS Biometric Database Still Lacks a Privacy Impact Assessment » (May. 3, 2019)
In
response to EPIC's Freedom of Information Act
request, the Department of Homeland Security confirmed that no
privacy impact assessment has been completed for a vast DHS biometric database known as the "Homeland Advanced Recognition Technology." The HART database will include fingerprints, iris scans, and facial images on millions of individuals. The
documents EPIC did obtain from DHS consist of privacy threshold reviews that indicate a privacy impact assessment is required and was expected by January 2019. A previous
document obtained by EPIC show that the Homeland Advanced Recognition Technology database is part of the facial recognition
Biometric Entry/Exit program at US airports.
- EPIC to TSA: Conduct Rulemaking on Facial Recognition » (Apr. 26, 2019)
In
comments to inform the Transportation Security Administration's 2020 National Strategy, EPIC recommended that TSA to suspend the
facial recognition program at US airports. EPIC wrote, "The TSA's use of facial recognition lacks the safeguards necessary for implementation." EPIC has also warned
lawmakers and the
DHS about the
biometric border program that incorporates
deploy facial recognition. EPIC has urged the agency to undertake a notice and comment rule making that would provide the public with the opportunity to comment on the controversial program. EPIC successfully required TSA to conduct a rulemaking on its deployment of airport body scanners in
EPIC v. DHS. EPIC also recommended that TSA incorporate the
Universal Guidelines for Artificial Intelligence,
endorsed by over 300 organizations and experts, for AI-based systems.
- EPIC to Congress: Funding for TSA Facial Recognition Program Must Be Halted » (Apr. 3, 2019)
EPIC has sent a
statement to the House Appropriations Committee regarding the TSA's FY2020 budget request, urging Congress to suspend the "Biometric Entry-Exit" program until privacy safeguards are established. EPIC said Congress should halt funding for TSA's facial recognition program "until CBP establishes proper privacy assessments, policies and procedures, and oversight mechanisms." EPIC recently filed a Freedom of Information Act
lawsuit to determine whether travelers are able to to opt-out of
facial recognition at airports.
According to the CBP, the
"alternative screening procedures" allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens." But research by EPIC indicates that CBP has made it increasingly difficult for travelers to opt-out.
- Buzzfeed: EPIC Docs Reveal Flawed Facial Recognition Program » (Mar. 11, 2019)
At the start of Sunshine Week, Buzzfeed
featured documents obtained by EPIC about a deeply flawed facial recognition program that could impact all U.S. travelers returning to the United States. The documents, released following an EPIC FOIA
request, describe the Administration's plan to extend a faulty
CBP pilot program to TSA, ICE, and the Coast Guard.
Documents previously obtained by EPIC, following a
lawsuit against DHS, found similar problems with a facial recognition program at the southern border.
- Unanimous Decision in Illinois Supreme Court Ensures Strict Limits on Biometric Data Collection » (Jan. 25, 2019)
The Illinois Supreme Court
ruled today in
Rosenbach v. Six Flags, a case about a state privacy law that protects biometric data. Parents sued the theme park after it collected a child's fingerprints, charging a violation of the Illinois biometric privacy law. The theme park claimed that it was necessary to show some additional harm, but the Illinois Court held that when companies violate the law, "the injury is real and significant." EPIC filed a
"friend of the court" brief in the case, arguing that the biometric privacy law "imposes clear responsibilities on companies that collect biometric identifiers" and that if these provisions are "not enforced, the statute's subsequent provisions are of little consequence." EPIC has long advocated for
strict limits on use of
biometric data. EPIC also filed an amicus brief the
OPM data breach, a case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
- EPIC Amicus: Unlawful Collection of Biometric Data Establishes Standing » (Dec. 18, 2018)
EPIC has filed an
amicus brief in a case concerning Facebook's collection of facial images in violation of the Illinois Biometric Information Privacy Act. In
Patel v. Facebook, EPIC argued that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC said that that the legal doctrine of standing "simply requires plaintiffs to demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Earlier in 2018, EPIC filed an amicus brief in
Rosenbach v. Six Flags, another case about the Illinois biometric privacy law. EPIC
routinely submits briefs in support of standing in privacy case. EPIC has also long advocated for limits on the use of
biometric data and has opposed
Facebook's use of
facial recognition software.
- EPIC Investigates Airport Facial Recognition Opt-Out Procedures » (Dec. 12, 2018)
In an urgent
FOIA request, EPICis seeking documents from CBP about the procedures for travelers to opt-out of
biometric entry/exit program. EPIC found that CBP frequently changes the program without any formal procedures. One consequence is that it is now more difficult for travelers to opt-out of the screening procedure EPIC wrote that "CBP is modifying rules as it is implementing the program," contrary to federal law. Earlier this week, EPIC
urged Congress to suspend the program until privacy safeguards and meaningful opt-out procedures are established. In
comments to the DHS Data Privacy and Integrity Advisory Committee, EPIC
explained the substantial privacy risks of CBP's use of facial recognition technology.
- EPIC to Congress: Federal Agency Making Up the Rules for Facial Recognition Screening » (Dec. 11, 2018)
EPIC has sent a
statement to the Senate Judiciary Committee for an
oversight hearing of Customs and Border Protection. EPIC cited frequent changes CBP has made to the opt-out procedures for the
biometric entry/exit program. "Without legal authority or the opportunity for public comment, CBP is making up the rules as it rolls out the program," EPIC said. EPIC urged the Committee to suspend the screening program until privacy safeguards and meaningful opt-out procedures are established. Last week, EPIC
warned Customs and Border Protection about facial recognition technology and
urged the DHS Privacy committee to end the program.
- Indian Supreme Court Imposes New Limits on National Identity System » (Sep. 26, 2018)
In a
ruling today, the Indian Supreme Court imposed new limits on Aadhar, India's national biometric identification system. The Court found the system did not violate the Indian constitution, but struck down a section of the law permitting private entities to demand Aadhar to verify identity. Aadhar can no longer be mandatory to register for education, open a bank account, or obtain a cell phone connection. However, the state-issued number may still be required for purposes related to government funds, including filing an income tax. The Court also struck down an exception authorizing disclosure of Aadhar data for national security purposes. The Court encouraged the state to establish a "a robust statutory regime" for data protection "in near future." The dissent would have held Aadhar unconstitutional. The biometric system "violates essential norms pertaining to informational privacy, self-determination and data protection," the dissent states, and "dignity of individuals cannot be made to depend on algorithms or probabilities." Last year, India's Supreme Court
ruled that privacy is a fundamental right under the Indian Constitution. EPIC has also
backed comprehensive privacy legislation in comments to the Indian government, and urged creation of a private right of action and breach notification requirement.
- EPIC Urges DHS To Abandon Privacy Act Exemptions for New Biometric Database » (Aug. 31, 2018)
In comments to the Department of Homeland Security, EPIC
urged the agency to withdraw
proposed Privacy Act exemptions that would reduce privacy safeguards in the federal government. The
Immigration Biometric and Background Check database will contain personal data on U.S. and non-U.S. citizens. DHS has proposed to exempt the database from several Privacy Act protections, including ensuring that records are accurate, timely, and complete. DHS also claims numerous “routine uses” that allow the agency to disseminate the data to law enforcement and intelligence agencies. EPIC has urged strict compliance with Privacy Act obligations and warned that
inaccurate,
insecure, and
overbroad government databases threaten both privacy and national security.
- EPIC Urges Suspension of Biometric Entry/Exit Program » (Jul. 25, 2018)
In
comments to Customs and Border Protection, EPIC urged the agency to suspend the
Biometric Entry/Exit Program. EPIC argued that less privacy-invasive alternatives should be considered and that the program should not move forward until Congress has passed regulations implementing safeguards for the use of biometrics. CBP
solicited comments about the collection of biometrics, based on facial recognition, from people in vehicles crossing the border. EPIC said that such an expansion could quickly lead to a program of mass surveillance.
In EPIC v. CBP, EPIC has sued the agency for details about the program. A
report EPIC obtained in the lawsuit showed that facial recognition at a pedestrian border failed to perform at a "satisfactory" level.
- EPIC Urges Illinois Supreme Court to Uphold Strict Limits on Biometric Data Collection » (Jul. 5, 2018)
EPIC has filed an
amicus brief with the Illinois Supreme Court in
Rosenbach v. Six Flags Entertainment Corp, about the collection of a child's biometric data in violation of the Illinois Biometric Information Privacy Act. EPIC explained that the Illinois biometric law "imposes clear responsibilities on companies that collect biometric identifiers" and said the company had failed to comply with the state law. EPIC made clear that "collection is the threshold safeguard in privacy law" and if corresponding provisions are "not enforced, the statute’s subsequent provisions are of little consequence." EPIC first identified the risk of collecting biometric data from children entering amusement parks in a 2005 report
"Theme Parks and Your Privacy." The state of Illinois adopted the nation's first biometric privacy law in 2008. EPIC has long advocated for
strict limits on use of
biometric data. EPIC also routinely submits
amicus briefs, including in the recent
OPM data breach case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
- EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database » (Jun. 18, 2018)
EPIC has submitted an urgent Freedom of Information Act
request to the Department of Homeland Security seeking the
Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed
system that will integrate biometric identifiers across the federal government. HART would replace
IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In
EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was
shuttered earlier this year.
- Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making » (May. 11, 2018)
In a
letter to DHS Secretary Kirstjen Nielson, Senators Edward Markey (D-MA) and Mike Lee (R-UT)
urged the agency to promptly conduct a public rulemaking on the agency's
biometric exit program prior to any expansion of the program. The program, currently implemented in nine U.S. airports, requires travelers on departing international flights to submit to facial recognition identification. The Senators requested that DHS determine the accuracy of the technique and the procedures for collecting passenger data. EPIC is currently pursuing documents about the biometric exit program, but
documents EPIC obtained about a
related program that tested iris and facial recognition scanning at the border revealed that the technology did not perform operational matching at a "satisfactory" level. An earlier EPIC
lawsuit against the DHS led to the removal of backscatter x-ray devices — "body scanners" — at US airports.
- EPIC to Congress: Enhanced Surveillance at Border Will Impact Rights of U.S. Citizens » (Apr. 24, 2018)
EPIC has sent a
statement to the House Homeland Security Committee in advance of a
hearing with the Commissioner of Customs and Border Protection. EPIC urged the Committee to ask the CBP Commissioner about the collection of biometric data at US airports. EPIC described the growing use of
facial recognition that capture the images of US travelers. EPIC also pointed to a
recent study that found racial disparities with the technique. EPIC is currently seeking records from the federal agency concerning the accuracy of facial recognition. EPIC also recommended the Committee examine how CBP will comply with state laws prohibiting warrantless aerial surveillance when deploying drones at the border. As a result of an earlier
FOIA lawsuit, EPIC found that the CBP is deploying drones with facial recognition technology without warrant authority.
- EPIC FOIA: EPIC Obtains FBI Policy for Disseminating Biometric Info » (Mar. 22, 2018)
Through a
Freedom of Information Act request, EPIC has obtained the FBI’s “
Policy for Biometric Information Sharing with Domestic and International Agencies.” The
documents EPIC obtained also contain details of the United States’ agreement with Iraq to exchange biometric data, including to not subject the information to any dissemination restrictions of the US or Iraq. The FBI maintains one of the world's largest biometric databases, known as the
"Next Generation Identification” system, which includes facial IDs gathered from international conflicts. In 2007, EPIC, Privacy International, and Human Rights Watch
warned the Secretary of Defense that the “
system of biometric identification contravene international privacy standards and could lead to further reprisals and killings.” EPIC
noted in 2010 "President Obama’s address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict."
- Court Rules that Users have Standing to Sue Facebook about Facial Recognition » (Feb. 27, 2018)
The Northern District of California has
ruled that Facebook users have standing to pursue a class action challenging Facebook's use of facial recognition software. The court said that the Illinois Biometric Information Privacy Act requires plaintiffs only to show that Facebook has unlawfully collected their biometric data without their consent. Facebook sought to dismiss the suit by arguing that the Supreme Court's decision in
Spokeo v. Robins required the plaintiffs to show additional harm. EPIC submitted a
friend-of-the-court brief in Spokeo, arguing that courts should not second-guess privacy laws. The Ninth Circuit Court of Appeals recently
agreed with EPIC that internet users have standing when a company has disclosed their personal information in violation of the Video Privacy Protection Act.
- EPIC Urges Congress to Suspend Facial Recognition At US Airports » (Feb. 26, 2018)
EPIC has sent a
statement to the House Homeland Security Committee in advance of a
hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing use of facial recognition that capture the images of US travelers. EPIC also pointed to a
recent study that found racial disparities with the technique. EPIC previously pursued a
significant lawsuit against the TSA that led to the removal of x-ray body scanners from US airports. EPIC is currently
seeking records from Customs and Border Protection concerning the accuracy of facial recognition.
- Republican DACA Bill Would Expand Use of Drones, Biometrics » (Feb. 21, 2018)
The
Secure and Succeed Act (S. Amdt. 1959 to H.R. 2579), sponsored by several Republican Senators, would link DACA with hi-tech border surveillance. Customs and Border Protection would use facial recognition and other
biometric technologies to inspect travelers, both US citizens and non-citizens, at airports. The bill also establishes "Operation Phalanx" that instructs the Department of Defense—a military agency—to use
drones for domestic surveillance. EPIC has pursued many FOIA cases on border surveillance involving
biometrics,
drones, and
airport body scanners, In a
statement to Congress, EPIC warned that "many of the techniques that are proposed to enhance border surveillance have direct implications for the privacy of American citizens."
- EPIC Urges FBI to Limit Fingerprint-Based Background Checks » (Jan. 9, 2018)
In response to a
request for comments, EPIC has
urged the FBI to expand its use of name-based — rather than fingerprint-based — background checks for noncriminal purposes, such as employment. The FBI currently uses fingerprints, stored in the
Next Generation Identification (NGI) database, to conduct non-criminal background checks. "Names checks" were only conducted for individuals whose fingerprints failed the NGI matching requirements. EPIC told the FBI that the "name-based background check accomplishes the same purpose as the fingerprint-based background check without requiring the collection of sensitive
biometric information." EPIC has
opposed the expansion of the NGI system for non-law enforcement purposes. EPIC has also pursued a series of
Freedom of Information Act requests to assess the reliability of the NGI system.
- EPIC FOIA: Report Reveals Failure of Border Biometric Matching Program » (Dec. 18, 2017)
Through a Freedom of Information Act
lawsuit, EPIC has obtained a
report from Custom and Border Protection, which
evaluated iris imaging and facial recognition scans for border control. The "Southwest Border Pedestrian Field Test" reveals that the agency program does not perform operational matching at a "satisfactory" level. In a
statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and
lack proper privacy safeguards. EPIC is pursuing related documents for the use of biometrics at airports. EPIC has extensively litigated airport screening techniques, including
EPIC v. TSA (concerning body scanner modifications) and
EPIC v. DHS (concerning full body scanner radiation risks).
- EPIC Urges Senate to Block Biometric Collection At US Airports » (Sep. 28, 2017)
EPIC has sent a
statement to the Senate Commerce Committee following a
hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing and regulated use of biometrics in US airports, often targeting US citizens. EPIC previous pursued a
significant lawsuit against the TSA to limit the use of body scanners. EPIC is currently
seeking records from Customs and Border Protection concerning the agency's use of facial recognition for a biometric entry/exit program at airports. EPIC has also
objected to a proposal to increase the collection of biometric data for the TSA Pre-Check program.
- NGOs to Meet with Privacy Commissioners at Public Voice Event in Hong Kong » (Sep. 19, 2017)
The Public Voice will host an
event with NGOs and Privacy Commissioners at the
39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. "Emerging Privacy Issues: A Dialogue Between NGOs & DPAs" will address emerging privacy issues, including
biometric identification,
Algorithmic transparency, border surveillance, the India privacy decision, and implementation of the
GDPR. Speakers include Chairman Isabelle Falque-Pterrotin of the CNIL and
Article 29 Working Party, Commissioner John Edwards of New Zealand, and Director Eduardo Bertoni of Argentina. Also participating will be representatives of
Access Now, EPIC,
GP Digital,
Privacy International, and the
World Privacy Forum. The
Public Voice, established in 1996, facilitates public participation in decisions concerning the future of the Internet.
- EPIC Obtains Final Report on "Face ePassport Air Entry Experiment" » (Sep. 8, 2017)
As the result of a
Freedom of Information Act request, EPIC has obtained a
report on the use of face recognition on travelers entering the United States at Dulles Airport. The report was obtained after EPIC filed a
lawsuit against Customs and Border Protection for documents about the agency's
biometric entry/exit program, expedited by
Executive Order 13769. As the report was heavily redacted, EPIC's FOIA lawsuit is ongoing. In a
statement to the House Homeland Security Committee earlier this year, EPIC warned that biometric identification techniques, such as facial recognition,
lack proper privacy safeguards. EPIC has extensively litigated airport screening techniques, including
EPIC v. TSA, concerning
airport body screening.
- Supreme Court of India Rules Privacy is a Fundamental Right » (Aug. 24, 2017)
India's Supreme Court has
ruled that privacy is a fundamental right under the Indian Constitution. In a unanimous ruling, the Court explained the "right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution." The Court also recognized that "Informational privacy is a facet of the right to privacy" and modern privacy risks are caused by both the public and private sector. The ruling may impact significant cases pending in India, including a challenge to Aadhaar, India's massive
biometric identification system, and
WhatsApp's privacy policy change. In 2009 NGOs and privacy experts set out the
Madrid Privacy Declaration, which affirmed privacy as a fundamental human right. In 2010, EPIC
urged the US Supreme Court to recognize the right of "informational privacy." EPIC
explained that the
Whalen decision and a famous German census case, "influenced international privacy jurisprudence, resulting in the widespread recognition of the right to informational privacy." EPIC's report
Privacy and Human Rights provides an overview of privacy frameworks around the world.
- EPIC to Congress: Examine Facial Recognition Surveillance at the Border » (Jul. 24, 2017)
EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing on "Technology's Role on Securing the Border." EPIC alerted the Committee to EPIC's recent
FOIA lawsuit about the federal government's deployment of a
biometric "entry/exit tracking system," including at US airports. A recent
Executive Order on immigration will push forward the biometric identification system, and will include citizens returning to the U.S. EPIC has warned that biometric identification techniques, such as facial recognition,
lack proper privacy safeguards. EPIC noted that the federal agency pursuing the border identification program is also deploying drones, and should comply with state laws and a 2015 Presidential Memorandum that limit drone surveillance.
- EPIC Files FOIA Lawsuit Over Border Biometrics, Expanded Tracking » (Jul. 20, 2017)
EPIC has
filed a
FOIA lawsuit against Customs and Border Protection for information about the agency’s deployment of a
biometric entry/exit tracking system, including at US airports. Trump's recent
Executive Order regarding immigration ordered the expedited implementation of a biometric entry/exit tracking system, which will include U.S. citizens. Biometric techniques, including facial recognition,
lack proper privacy safeguards. EPIC previously
sued the FBI over the Bureau’s
Next Generation Identification database, which contains face prints, fingerprints, and other biometrics of millions of Americans. EPIC's lawsuit against the FBI revealed that biometric identification is often inaccurate.
- EPIC Urges TSA to Consider Alternative to Biometric Collection » (Jul. 5, 2017)
In
comments to the Transportation Security Administration, EPIC urged the agency to consider alternatives to expanding the collection of biometric identifiers for the TSA Pre-Check application. EPIC explained the potential for biometric identifiers to be used for purposes other than determining eligibility for Pre-Check and the substantial personal privacy risks for applicants if the databases associated with Pre-Check were
compromised. EPIC also proposed
privacy enhancing alternatives, such as limiting the storage of biometric identifiers or providing information on how to have information removed from databases associated with Pre-Check. EPIC routinely highlights the risks of
large,
overbroad government databases and the privacy risks inherent in the collection of
biometric information.
- EPIC Urges Senate Committee to Investigate FBI's Massive Biometric Database » (May. 1, 2017)
EPIC has sent a
statement to the Senate Judiciary Committee for an upcoming FBI oversight
hearing. EPIC urged the Committee to investigate the FBI's
Next Generation Identification system, a massive biometric database. EPIC has sought to ensure that the FBI database
complies fully with the federal
Privacy Act which the Bureau has opposed. EPIC explained to the Senate Committee that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." In a leading FOIA lawsuit,
EPIC v. FBI, EPIC also uncovered documents which revealed high error rates in the biometric system. EPIC has filed a
FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
- EPIC Joins Coalition to Urge FOIA Compliance on Immigration Enforcement » (Apr. 25, 2017)
EPIC joined a coalition of civil society organizations to urge the Immigration and Customs Enforcement to comply with the Freedom of Information Act. The
letter to DHS Secretary Kelly calls upon the federal agency to "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." EPIC previously received
documents through a
Freedom of Information Act Request about DHS's immigration enforcement practices. The documents obtained by EPIC detail the
"Priorities Enforcement Program," a controversial program that relied on
biometric data collection for immigration enforcement.
- EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data » (Mar. 21, 2017)
EPIC has sent a
letter to the House Committee on Oversight
concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's
Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC
supported. The Bureau
proposed to exempt the database from
Privacy Act protections. EPIC has filed a
FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
- Data Protection Experts Recommend New protections for Biometric Identification Online » (Mar. 17, 2017)
The
International Working Group on Data Protection in Telecommunications adopted new
recommendations to improve the privacy and security of
biometric identification online. The Berlin-based Working Group includes
Data Protection Authorities and experts who work together to address emerging privacy challenges. The "Working Paper on Biometrics in Online Authentication )" explains that “biometrics in online authentication offers one possibility to address some of the shortcomings” of conventional online passwords, but the “data protection and privacy risks” must be considered. Among their recommendations, the experts urge policymakers to support for “[p]roactive privacy tools,” and contend biometric authentication should “remai[n] an active choice by the user and not a condition of use.” EPIC will host the 61st meeting of the International Working Group in Washington DC in April 2017.
- EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers » (Mar. 2, 2017)
EPIC has filed an urgent FOIA
request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been
testing biometric identification of travelers, including U.S. citizens, and a recent
report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA
lawsuit, EPIC recently obtained
several memorandum of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in
EPIC v. FBI, a FOIA lawsuit public release of the FBI's privacy assessments.
- EPIC FOIA: EPIC Obtains FBI-DoD Biometric Data Plans » (Jan. 30, 2017)
Through a Freedom of Information Act lawsuit, EPIC has obtained
several memorandum of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." Last year, EPIC filed
extensive comments scrutinizing the FBI's proposal to remove
Privacy Act safeguards from the Bureau's massive biometric database known as
"Next Generation Identification." EPIC also lead a coalition effort
urging Congress to hold an oversight hearing on the FBI database. The case is
EPIC v. FBI, No. 16-2237 (D.D.C. filed Nov. 10, 2016) (Biometric Data Transfer Agreements).
- Open Government Lawsuits at Near-Record Highs in 2016 » (Dec. 9, 2016)
Advocates, journalists, and businesses have brought a near-record 512 lawsuits under the
Freedom of Information Act in 2016. The findings, complied by for
FOIAproject.org by the
Transactional Records Access Clearinghouse, show a 35 percent increase in FOIA litigation over the past five years. According to the new
report, the lawsuits have covered diverse issues including "private email accounts, national security, immigration, the environment and even Donald Trump." In 2016, EPIC brought FOIA suits for the DOJ's
secret inspector general reports, the DOT's
drone task force records, and the FBI's
biometric data transfer memos.
- EPIC FOIA: EPIC Obtains Secret Inspector General Reports » (Nov. 21, 2016)
Through a Freedom of Information Act
lawsuit EPIC has obtained nonpublic reports from the Department of Justice's
Inspector General. The
documents include audits of drug control funds. Another
set of documents include audits of other grant programs, as well as a list of information security audits conducted since 2005. EPIC also obtained a previously
unpublished audit of a state lab's DNA database. The mission of the DOJ Inspector General is "to detect and deter waste, fraud, abuse, and misconduct in DOJ programs and personnel." EPIC also recently
sued the Federal Bureau of Investigation to obtain information on the massive biometric database
"Next Generation Identification."
- EPIC Sues FBI Over Biometric Data Program » (Nov. 14, 2016)
EPIC has filed a
FOIA lawsuit against the Federal Bureau of Investigation for information about the agency's plans to transfer biometric data to the Department of Defense. The FBI maintains one of the world's largest biometric databases, known as the
"Next Generation Identification" system, but the FBI has resisted maintaining privacy safeguards. The Bureau previously
proposed to exempt the database from many of the safeguards in the federal
Privacy Act, which EPIC
opposed. Then EPIC, following a
FOIA lawsuit, obtained documents that revealed an error rate up to 20% for facial recognition searches in the FBI database. Now EPIC has filed an open government lawsuit to obtain a secret document that details the transfer of personal data in the FBI system to the Department of Defense. [
Press Release]
- High Court Extends Fourth Amendment Protections to DUI Blood Tests » (Jun. 23, 2016)
In
Birchfield v. North Dakota, the U.S. Supreme Court today
held that states cannot criminalize an individual’s refusal to submit to a warrantless blood test. The Court also found that the Fourth Amendment does not allow warrantless blood tests incident to arrest, but does permit warrantless breath tests. In the 2013 case
Maryland v. King, EPIC
urged the Supreme Court to protect
genetic privacy by extending Fourth Amendment protections the collection of DNA from arrestees. In that case, the Supreme Court
held that a cheek swab incident to an arrest was permissible.
- Federal Court Upholds Photo Tagging Suit Against Facebook » (May. 8, 2016)
A federal judge has
rejected Facebook's argument that the company did not violate an
Illinois law that requires companies to obtain consent from consumers before collecting biometric data such as a "faceprint." Describing the biometric privacy law, the court said that Facebook's position was "antithetical to its broad purpose of protecting privacy in the face of emerging biometric technology." In 2011, EPIC filed a
complaint with the Federal Trade Commission, arguing that the
facial identification of users was an unfair and deceptive trade practice. In 2012, EPIC
urged the FTC to suspend facial recognition "until adequate safeguards and privacy standards are established." Canada and Europe have since required Facebook to suspend the use of photo tagging.
- Federal Agencies Seek Comment on Protections for Human Research Subjects » (Sep. 8, 2015)
The Department of Health and Human Services is
seeking public comment on proposed revisions to the "Common Rule," ethical rules regarding biomedical and behavioral research involving human subjects in the United States. The proposal seeks to strengthen requirements for informed consent but would also exempt certain categories of research from administrative review. The Department
will accept public comments on the proposed revisions until December 6, 2015. EPIC previously submitted
comments to the Department of Health and Human Services, warning that medical privacy standards for deidentification were "gravely inadequate" and urged support for stronger techniques of deidentification. EPIC routinely comments on privacy issues involved in
health data.
- California Court Strikes Down DNA Collection Law » (Dec. 4, 2014)
A state appeals court in California has
struck down a state law that requires collection of DNA from people arrested on felony charges. The California court ruled that DNA collection by a cheek swab is an unreasonable search and seizure prohibited by the state's constitution. "The California DNA Act intrudes too quickly and too deeply into the privacy interests of arrestees," wrote the court. The appeals court also said that the U.S. Supreme Court's ruling in Maryland v. King, which upheld a similar law in Maryland, did not apply in this case because of significant differences between each state's DNA collection laws. EPIC has participated as amicus in several cases concerning the collection of DNA. In Maryland v. King, EPIC argued that the government collection of DNA opens the door to misuse and threatens personal privacy. For more information, see
EPIC: Maryland v. King,
EPIC: Maryland v. Raines,
EPIC: Kohler v Englade,
EPIC: US v. Kincade,
EPIC: Herring v. US,
EPIC: Comments on TSA Biometric Systems, and
EPIC: Genetic Privacy.
- Senate to Hold Homeland Security Oversight Hearing » (Jun. 10, 2014)
The Senate Judiciary Committee will hold an
oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the
secret profiling of American air travelers, the use of
drones for aerial surveillance, the amassing of information on Americans into
"fusion centers", and the collection of
biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has
failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of
privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see
EPIC v. DHS - Social Media Monitoring and
EPIC v. DHS (Suspension of Body Scanner Program).
- Sen. Franken Questions Apple on iPhone Fingerprint Scanning » (Sep. 21, 2013)
Senator Al Franken has raised
questions about the privacy and security implications of the fingerprint reader on Apple's new iPhone 5S. "If someone hacks your password, you can change it—as many times as you want. You can't change your fingerprints," Senator Franken wrote. He also pressed Apple for additional details on the protection available to users against law enforcement access to biometric data. In
Congressional testimony, EPIC has previously warned that biometric identifiers will "allow for greater data collection and tracking of individuals." For more information, see
EPIC: Biometric Identifiers.
- EPIC FOIA - DHS Facial Recognition System Lacks Privacy Safeguards » (Aug. 22, 2013)
In response to an
EPIC FOIA request, the Department of Homeland Security has produced
documents revealing that the agency has failed to establish privacy safeguards for "BOSS" (the Biometric Optical Surveillance System), an elaborate system for facial recognition and individual identification. The documents obtained by EPIC indicate that none of the agency's contracts or statements of work require any data privacy or security protections for BOSS' design, production, or test implementations. The New York Times
reported on EPIC's acquisition of these documents, noting also high failure rates for these systems. EPIC is also pursuing a
FOIA lawsuit with the FBI over the agency's development of "Next Generation ID," which, when complete, will be the largest biometric identification database program in the world. For more information, see
EPIC: Face Recognition,
EPIC: EPIC Opposes DHS Biometric Collection, and
EPIC - Biometric Identifiers.
- EPIC Opposes DHS Biometric Collection » (Jun. 21, 2013)
EPIC has submitted
comments to the Department of Homeland Security, staunchly opposing the agency's
border biometric collection, facilitated through the Office of Biometric Identity Management program. Since at least 2004, DHS has collected fingerprint and facial photos from individuals entering the United States. DHS then disseminates this information to DHS agency components, other federal agencies, and "federal, state, and local law enforcement agencies," and the "federal intelligence community." Currently, at least
30,000 individuals from federal, state, and local governments access the data contained obtained by DHS's biometric collection program. DHS shares this biometric data with foreign governments, including Canada, Australia, and the United Kingdom. In its comments, EPIC urged the agency to cease collecting biometric information without proper privacy safeguards in place. Should the agency continue to collect this sensitive information, EPIC recommends that DHS: (1) impose strict information security safeguards on its biometric information collection and limit its dissemination of biometric information; (2) conduct a comprehensive privacy impact assessment on the biometric collection program; (3) grant individuals Privacy Act rights before collecting additional biometric information; and (4) adhere to international privacy standards. For more information, see
EPIC: US-VISIT and
EPIC: Biometric Identifiers.
- FBI Performs Massive Virtual Line-up by Searching DMV Photos » (Jun. 17, 2013)
Through a Freedom of Information Act
request, EPIC obtained a number of
agreements between the FBI and state DMVs. The agreements allow the FBI to use facial recognition to compare subjects of FBI investigations with the millions of license and identification photos retained by participating state DMVs. EPIC also obtained the
Standard Operating Procedure for the program and a
Privacy Threshold Analysis that indicated that a Privacy Impact Assessment must be performed, but it is not clear whether one has been completed. EPIC is currently
suing the FBI to learn more about its development of a vast biometric identification database. For more information, see
EPIC: Face Recognition and
EPIC: Biometric Identifiers.
- EPIC Sues FBI to Obtain Details of Massive Biometric ID Database » (Apr. 8, 2013)
EPIC has filed a Freedom of Information Act
lawsuit against the FBI to obtain documents about
"Next Generation Identification", a massive database with biometric identifiers on millions of Americans. The EPIC lawsuit follows the FBI's failure to respond to EPIC's earlier FOIA requests for technical specifications and contracts. According to
EPIC's complaint, "When completed, the NGI system will be the largest biometric database in the world." NGI aggregates fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other identifying information. The FBI will use facial recognition to match images in the database against facial images obtained from CCTV and elsewhere. For more information, see
EPIC v. FBI - Next Generation Identification,
EPIC: Biometric Identifiers and
EPIC: Face Recognition.
- US to Retain Biometric Database on Iraqis » (Dec. 21, 2011)
According to
Wired, although the war in Iraq is officially over US Central Command will retain a massive database with retinal scans, thumb prints, religious affiliation, as well as other personal data on millions of Iraqis. In 2007, EPIC, Privacy International, and Human Rights Watch sent a
letter to then Secretary of Defense Robert Gates to warn that the collection of biometric data in the region poses a direct risk to human rights and could result in genocidal violence. The Defense Science Board also warned that the database could "become a hit list if it gets in the wrong hands." For more information, see
EPIC - "Iraqi Biometric Identification System."
- EPIC, Coalition Seeks Investigation of New FBI ID Program and "Secure Communities" » (Sep. 26, 2011)
A coalition of civil liberties and civil rights organizations have asked the Inspector General of the
Department of Justice to investigate the
FBI's Next Generation Identification program, a "billion-dollar initiative to create the world's largest
biometric database." The 70 organizations, including EPIC, have also
urged an assessment of "Secure Communities," the mismanaged federal deportation effort. Several states, including Illinois, Massachusetts, and New York, have already withdrawn from the DHS program. For more information, see
EPIC - "Secure Communitities."
- FTC Announces Workshop on Facial Recognition Technology » (Sep. 20, 2011)
The Federal Trade Commission
announced that it will host a workshop on December 8, 2011, on the privacy and security issues raised by the increasing use of facial recognition technology. Facial recognition technology has been used by Facebook to build a secret data base of users’ biometric data and to enable Facebook to automatically tag users in photos. The Army has also used facial recognition technology to collect biometric data from Iraqi and Afghan civilians at checkpoints, workplaces, the sites of attacks, and door-to-door canvasses. EPIC, Privacy International, and Human Rights Watch
wrote to the US Secretary Defense in 2007 to warn that the system could lead to reprisals and further killings. Police agencies are also using facial recognition to identity political protesters. EPIC’s
complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see
EPIC: In re Facebook,
EPIC: Face Recognition, and
EPIC: Iraqi Biometric Identification System.
Summary
Facebook users have brought a class action lawsuit under the Illinois Biometric Information Privacy Act ("BIPA") challenging Facebook's collection of their biometric face information without notice or consent. Facebook collects this information for use in its Tag Suggestions tool, which uses facial recognition software to identify the faces of users in images uploaded to Facebook. The U.S. District Court for Northern California denied Facebook's many motions to dismiss and for summary judgment, and ultimately certified the class. Facebook sought permission to appeal the class certification at the Ninth Circuit, which was granted. Facebook claims that the class should not have been certified because Plaintiffs have not alleged any harm beyond Facebook's violation of BIPA. Plaintiffs argue, and the District Court agreed, that an individual has standing if they allege a violation of BIPA.
Question Presented
Whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing.
Background
Factual Background
Facebook users in Illinois allege that Facebook collected their biometric data without notice or consent through the Tag Suggestions tool, which scans for and identifies people in photographs users upload to Facebook. Tag Suggestions works through a four-step facial recognition process. First, the tool tries to detect faces in uploaded images. The tool then standardizes, or "aligns," the face along a set of parameters, such as orientation and size. In the third step, the software computes a "face signature," which is a string of numbers that represents that particular face. The software then searches a database of stored "face templates" for a match. The stored face templates are calculated based on other photographs that a user is tagged in. A match occurs when the face signature falls within a threshold of similarity to a stored face template, at which point Facebook suggests tagging the user to whom the face template is assigned. Facebook claims that they only store face templates, and not face signatures.
Facebook estimates that 90% of faces appearing in photographs are successfully detected, and of those, 85% are successfully aligned. Thus, approximately 76% of faces appearing in photographs have face signatures computed. According to Facebook, in 2014, it was able to match around 67% of detected faces with users.
Legal Background
The Illinois Biometric Privacy Information Act ("BIPA") requires a corporation that obtains a person's biometric information to 1) obtain a "written release" from them prior to collection, 2) to provide them notice that their information is being collected and stored, and 3) to state the duration the information will be collected, stored and used as well as its specific purpose. The law gives a private right of action to anyone "aggrieved" under the statute. Several courts have considered, and disagreed on, the meaning of the term "aggrieved" under BIPA. While some courts have considered a violation of the biometric notice and consent requirements to be a privacy violation that is actionable in itself, other courts have held that an aggrieved party must both allege a technical violation of the law combined with a separate and additional claim of injury.
The Illinois Legislature passed the BIPA in 2008 to protect the "welfare, security, and safety" of Illinois residents by "regulating the collection, use, safeguarding, handling, storage, retention, and destruction of biometric information." Seeing the use of biometric identifiers growing, especially in the financial sector, the Illinois Legislature was cognizant that unlike other unique identifiers, biometrics are biologically unique and cannot be changed even if compromised. Furthermore, knowing that the implications of using of biometric identifiers for a commercial purpose is unknown, the Illinois Legislature intended BIPA to address the concerns of a wary public that may be deterred from transactions that require biometric identification.
To combat these worries, BIPA requires a corporation that obtains a person's biometric information to first obtain a "written release" from the customer or the customer's representative. The law also requires a corporation that seeks to obtain biometric information from a customer to first provide "in writing" various information: (1) that the biometric information is being "collected" (2) that the biometric information is being "stored;" (3) the "length of term" that that the biometric information will be collected, stored, and used; and (4) the "specific purpose" for the collection, storage, and use of the information.
Federal courts are courts of limited jurisdiction, meaning that they may only consider a case if the subject matter and parties meet certain requirements. One of these requirements is that the plaintiffs have "standing." In Spokeo v. Robins, the Supreme Court decided that, for a plaintiff to have standing, they must demonstrate that they have "suffered 'an invasion of a legally protected interest' that is ‘concrete and particularized' and 'actual or imminent, not conjectural or hypothetical.'" The Court went on to say that Congress can create statutory rights and causes of action "that will give rise to a case or controversy where none existed before," and that “the violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact. In other words, a plaintiff in such a case need not allege any additional harm beyond the one Congress has identified." The Ninth Circuit has recognized that state legislatures can also create interests that support standing in federal courts.
Procedural History
Facebook users filed several lawsuits against Facebook under the Illinois Biometric Information Privacy Act ("BIPA"). The cases were consolidated in the U.S. District Court for the District of Northern Califnornia. Facebook sought to dismiss the case, arguing that Plaintiffs lacked standing because they had only alleged that Facebook collected their biometric data in violation of BIPA, but did not allege any actual damages. Plaintiffs moved for the court to certify the class under Federal Rule of Civil Procedure 23(b)(3). The District Court rejected Facebook's objections to standing and class certification, certifying the class of Facebook users located in Illinois for whom Facebook created and stored a face template after June 7, 2011. The District Court recognized that the Illinois legislature codified a right to privacy in personal biometric information, and that it was the judgment of the legislature that violation of BIPA's procedures would cause actual and concrete harm sufficient to confer Article III standing on those whose rights were violated. Facebook sought permission from the Ninth Circuit to appeal the District Court's decision, which the Ninth Circuit granted.
EPIC's Interest
EPIC has long advocated for strict limits on the use of biometric data and facial recognition software. EPIC argues that biometric data is personally identifiable information that cannot be changed, even if compromised. Improper collection of this information can contribute to identity theft, inaccurate identifications, and infringement on constitutional rights. Strict limits on biometric data is the best practice to prevent abuse.
EPIC has been long been concerned with Facebook's privacy practices and with Facebook's use of facial recognition software. In 2011, EPIC and other consumer protection groups complained to the FTC about Facebook's face identifying software. In 2018, EPIC again complained to the FTC about Facebook's use of face recognition software, and the FTC's failure to enforce the 2011 Facebook consent order.
EPIC has filed amicus briefs several cases arguing that violation of a statutory duty to protect data is sufficient to confer standing. Earlier in 2018, EPIC filed an amicus brief in the Illinois Supreme Court in Rosenbach v. Six Flags, another case concerning who has standing to sue under Illinois's Biometric Information Privacy Act. EPIC also filed an amicus in In re OPM, arguing that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained."
Legal Documents
U.S. Supreme Court (No. 19-709)
U.S. Court of Appeals for the Ninth Circuit (No. 18-15982)
U.S. District Court for the Northern District of California (No. 3:15-cv-0374)
Resources:
EPIC Resources
News