You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC v. FBI - Privacy Assessments

Top News

  • EPIC, Coalition to Congress: Stop funding Surveillance Tech Aimed at Peaceful Protesters: Today, EPIC and a group of over 100 privacy, civil rights, and civil liberties organizations urged Congress to halt funding of surveillance technology recently used against peaceful protesters and disproportionately aimed at communities of color. The group stated the need "to address the unconstitutional and dangerous use of surveillance by state, local and federal police officers against demonstrators protesting the murder of George Floyd and so many others perpetuated by systemic police brutality." In response to reports that the government conducted surveillance of peaceful protesters, EPIC filed a series of Freedom of Information Act requests directed at the FBI the DEA and CBP. Earlier this year, EPIC filed similar FOIA requests with several government agencies after it was revealed that the agencies were using Clearview AI, the controversial facial recognition company. (Jun. 17, 2020)
  • EPIC Obtains FBI's Updated Media Guidelines: In response to EPIC's Freedom of Information Act request, the Federal Bureau of Investigation has released documents (part 1, part 2, part 3) concerning the agency's use of National Security Letters to obtain information from the media. The disclosure to EPIC includes a revised policy that followed criticisms of government surveillance of journalists. In an earlier amicus brief, EPIC recommended enhanced oversight of National Security Letters. (Mar. 4, 2019)
  • More top news »
  • FBI Concealed Crypto Capabilities » (Mar. 28, 2018)
    An internal investigation has revealed the FBI was not transparent about its technical capabilities before suing Apple to unlock an encrypted iPhone. Department of Justice Inspector General reports that FBI personnel failed to communicate to agency leadership that the FBI was very close to opening the phone. Investigating the 2015 mass shooting San Bernardino, the FBI filed suit to force Apple to create custom technology to decrypt an iPhone. The Agency's case relied on the fact that it "cannot access" that phone's content. EPIC filed an amicus brief in Apple v. FBI arguing that the "security features in dispute in this case were adopted to protect consumers from crime."
  • EPIC v. NSD: EPIC Obtains Secret Report on "Backdoor Searches," FBI's Failure to Follow Procedures » (Jan. 9, 2018)
    As the result of a Freedom of Information Act lawsuit EPIC v. NSD, EPIC has obtained a report from the Department of Justice National Security Division detailing the FBI's use of foreign intelligence data for a domestic criminal investigation. Section 702 of the Foreign Intelligence Surveillance Act authorizes the surveillance of foreigners located abroad. However, the FBI can also use this data to investigate Americans. The report obtained by EPIC also shows that the FBI analyst failed to follow internal guidance to notify superiors of the search, raising questions about whether the FBI is accurately reporting these searches. The USA Rights Act, now pending in Congress, would require a federal agency to obtain a warrant to search foreign surveillance data for information on Americans.
  • Pew Survey Examines "Future of Truth and Misinformation Online" » (Oct. 20, 2017)
    The Pew Research Center released a report on how to address the spread of digital misinformation in the coming decade. The report's respondents were evenly divided on whether technological advances in the coming decade will fix the problem of misinformation, or only compound it. EPIC President Marc Rotenberg told Pew, "The problem with online news is structural: There are too few gatekeepers, and the internet business model does not sustain quality journalism. The reason is simply that advertising revenue has been untethered from news production." The prevalence of "fake news" was one of the most significant issues in the 2016 presidential election. EPIC's Democracy and Cybersecurity Project seeks to restore integrity in democratic elections. EPIC is also pursuing details of the Russian election interference in FOIA cases against the FBI, the Office of Director in National Intelligence, and the IRS. This week several senators introduced bipartisan legislation to strengthen disclosure requirements for online political ads.
  • FBI Issues Final Rule on Biometric Database, Exempts Itself From Privacy Act Protections » (Aug. 1, 2017)
    The FBI has released a final rule claiming several Privacy Act Exemptions for the Next Generation Identification System, a database that contains the biometric data of millions of Americans, much of which is unrelated to law enforcement. EPIC had criticized the FBI's proposal to remove Privacy Act safeguards and urged the FBI to limit the scope of data collection and reduce the retention of data. However, in issuing the final rule the FBI repeatedly stated that exemptions would be used responsibly and in accordance with FBI policies and procedures. Through a FOIA lawsuit, EPIC obtained documents that revealed the NGI database contained an error rate of up to 20% on facial recognition searches. EPIC has identified several problems with the NGI database in statements to Congress oversight Committees, which have indicated strong concern about the FBI's facial recognition program.
  • EPIC Raises Questions About FBI Surveillance Programs » (Jul. 14, 2017)
    In a statement to Congress, EPIC told members of the Senate Judiciary Committee to press the nominee for FBI Director, Christopher Wray, on his views of FBI databases and domestic surveillance programs. EPIC again expressed concern about the size and scope of the FBI's Next Generation Identification system which stores personal and biometric information on millions of individuals. EPIC also expressed concern over the FBI's failure to issue timely privacy impact assessments, lack of transparency on drone use, and plans to monitor social media. EPIC urged the Committee to obtain the nominee's views on these matters and to ensure his commitment to protect privacy and ensure transparency at the FBI.
  • FBI Opposes EPIC Preservation Order in FBI Russian Interference FOIA Case » (May. 19, 2017)
    The FBI is opposing EPIC's emergency motion to preserve records in a Freedom of Information Act case for records of the Russian Interference with the 2016 Presidential Election. Following Donald Trump's abrupt firing of FBI Director James Comey, EPIC asked a federal court to issue a preservation order for records at issue in EPIC v. FBI and to impose sanctions if the order is violated. EPIC cited irregular circumstances surrounding the firing of the FBI Director, as well as concerns expressed by members of Congress and Senators regarding the possible destruction of FBI records. In the filing today, the FBI suggested that EPIC would have to provide actual evidence of destruction of records before a court could issue a preservation order to prevent destruction of records.
  • EPIC Obtains Documents About FBI Drone Program » (Apr. 6, 2017)
    As a result of a Freedom of Information Act request, EPIC has obtained the FBI's first annual summary report on drone operations. The annual reports are required by an Obama Presidential Memorandum regarding the domestic use of drones by federal agencies. EPIC also obtained related documents about FBI drone operations that were heavily redacted. Additionally, EPIC requested the FBI's drone policies and procedures related to privacy, civil liberties, and civil rights. The FBI has not yet released these documents to EPIC. EPIC will appeal the FBI's failure to release these documents and will also challenge the redactions in the documents that were released.
  • EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data » (Mar. 21, 2017)
    EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
  • FBI Responds to EPIC FOIA Suit for Details of Russian Interference with 2016 Election » (Feb. 23, 2017)
    The FBI has filed an answer to EPIC's Freedom of Information Act lawsuit for records pertaining to the Russian interference with the 2016 Presidential election. In the answer, the FBI acknowledged receipt of EPIC's FOIA request. EPIC filed suit against the FBI in federal district court after the agency failed to make a timely decision concerning EPIC's request for expedited processing of the FOIA request. The parties will next confer to set a schedule for production of documents and briefing, if necessary. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking.
  • NEWS UPDATE - EPIC Sues FBI for Details of Russian Interference with 2016 Election » (Jan. 18, 2017)
    EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC. The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017). The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.” A press conference will be held at the Fund for Constitutional Government on Capitol Hill on Thursday, January 19, 2017 at 1 pm. Media Advisory
  • Open Government Lawsuits at Near-Record Highs in 2016 » (Dec. 9, 2016)
    Advocates, journalists, and businesses have brought a near-record 512 lawsuits under the Freedom of Information Act in 2016. The findings, complied by for by the Transactional Records Access Clearinghouse, show a 35 percent increase in FOIA litigation over the past five years. According to the new report, the lawsuits have covered diverse issues including "private email accounts, national security, immigration, the environment and even Donald Trump." In 2016, EPIC brought FOIA suits for the DOJ's secret inspector general reports, the DOT's drone task force records, and the FBI's biometric data transfer memos.
  • FBI to Monitor Twitter » (Nov. 29, 2016)
    According to FBI contracting documents, the FBI has hired Dataminr to monitor in real-time more than 500 million daily tweets. EPIC has warned that these techniques of mass surveillance will subject more innocent people to government investigation. In 2012, EPIC successfully obtained documents detailing the social media monitoring program of the Department of Homeland Security, including instructions to analysts to monitor critics of the agency. EPIC's FOIA work led to a Congressional hearing on social media monitoring and government surveillance.
  • EPIC FOIA Lawsuit Reveals Failure to Conduct Privacy Assessments for DEA Surveillance Programs » (Nov. 7, 2016)
    In response to an EPIC FOIA lawsuit, EPIC has learned that the Drug Enforcement Administration never completed privacy impact assessments for the agency's massive license plate reader program, a telecommunications records database, and other systems of public surveillance. Despite a federal judge instructing the agency to search for records in response to the FOIA lawsuit, the DEA failed to produce the privacy assessments required by law. The outcome of EPIC v. DEA raises questions about the privacy review of the agency systems funded by Congress. EPIC is currently litigating a similar lawsuit against the FBI.
  • Reuters: US Government Issued Secret Order to Yahoo to Scan All E-mails » (Oct. 4, 2016)
    Reuters reported today that Yahoo scanned the private email of Yahoo users pursuant to a secret directive issued by the FBI. The email scanning technique, based on a search for key terms, recalled a similar FBI program “Carnivore” that was found to capture far more information than authorized, according to documents obtained by EPIC under the Freedom of Information Act. The news report also renews concerns about the scope of US Internet surveillance.  The European Court of Justice struck down an EU-US data transfer deal last year, following revelations that US Internet firms collaborated with the NSA to enable mass surveillance.  A related case, Irish Data Protection Commissioner v. Facebook, is now pending. The Irish High Court has selected EPIC as "a friend of the court" to "counterbalance" the submission of the United States intelligence community.
  • EPIC’s Rotenberg Debates FBI Director at ABA Conference » (Aug. 7, 2016)
    EPIC President Marc Rotenberg and FBI Director James Comey debated "Emerging Issues in National Security and Law Enforcement" at a plenary session of the ABA annual conference in San Francisco. Comey stated that Americans have "never had absolute privacy." Rotenberg replied that the Fifth Amendment grants absolute privacy as a Constitutional right. In response to the Director's comments that the FBI has 650 phones it can not decrypt, Rotenberg pointed out that in 2013, more than 3.1 million cell phones were stolen. "Crime would be much higher in United States if cell phone users did not have strong encryption," said Rotenberg. The EPIC amicus brief in Apple v. FBI highlighted the risk of weak encryption, and noted that stolen cell phones are tied to identity theft and financial fraud.
  • EPIC Scrutinizes FBI's Massive Biometric Database » (Jul. 7, 2016)
    In comments to the FBI, EPIC criticized the Bureau’s proposal to remove Privacy Act safeguards from a database containing biometric data on millions of citizens, much of it unrelated to law enforcement. Through a FOIA lawsuit, EPIC obtained documents about the “Next Generation Identification” database that revealed an error rate up to 20% for face recognition searches. EPIC warned the FBI of the privacy and civil liberties risks as well as the potential for data breaches. EPIC urged the FBI to limit the scope of data collection, reduce the retention of data, and maintain the protections of the Privacy Act.
  • EPIC, Coalition Demand Congressional Oversight of FBI's Vast Biometric Database » (Jun. 23, 2016)
    Today EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI’s massive biometric database and the risks of facial recognition technology. The letter follows the FBI’s recent proposal to exempt the "Next Generation Identification” database from Privacy Act safeguards—including requirements for accuracy, relevancy, and transparency. The civil liberties organizations said that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.” In the EPIC v. FBI FOIA case, EPIC obtained documents which revealed high error levels in the biometric database.
  • GAO Report: FBI’s Use of Face Recognition Fails on Privacy and Accuracy » (Jun. 15, 2016)
    The Government Accountability Office released a report today detailing the FBI’s failure to conduct a privacy audit of the agency’s use of facial recognition or adequately test the accuracy of the technology. EPIC and a coalition of public interest groups recently urged the Justice Department to extend the public comment period for the FBI’s Next Generation Identification database, which includes facial recognition capabilities. Previous Freedom of Information Act requests by EPIC showed that the agency had numerous agreements with states to access driver license photos for facial recognition searches and that technical specifications allowed for a 20% search error rate.
  • EPIC, Coalition Seeks Time to Review FBI Biometric Database » (Jun. 1, 2016)
    EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies. Errors plague the NGI database. In a FOIA caseEPIC v. FBI, EPIC obtained documents, which showed that the FBI accepted a 20% error rate for facial recognition matches.
  • Senate Judiciary Committee Holds FBI Oversight Hearing » (Dec. 10, 2015)
    The Senate Judiciary Committee held an oversight hearing with FBI Director James Comey. Following the calls of some political leaders to exclude Muslims from the United States, Senator Leahy warned leaders to not "succumb to the politics of fear and lose sight of our fundamental American values." Director Comey continued to advocate for weakened encryption to enable law enforcement access to private communications. EPIC has championed strong encryption and urged President Obama to reject proposals to weaken encryption. EPIC has also urged oversight of the FBI's Next Generation Identification program, a massive biometric database, that lacks appropriate privacy safeguards.
  • Senators Seek Answers on Use of Cell Phone Surveillance Devices » (Jan. 2, 2015)
    Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Chuck Grassley (R-Iowa) have asked Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson several questions about the government’s use of cell site simulators or “Stingray” devices to track cell phones. According to the letter, the Senators previously asked FBI Director James Comey about the FBI’s use of cell site simulators and, after two briefings with the Senators, the FBI announced a new policy that it would obtain search warrants before using the devices, subject to certain exceptions. The new letter raises questions about the broader use of cell site simulators by other law enforcement agencies and their impact on the privacy of innocent individuals. EPIC filled a lawsuit under the Freedom of Information Act in 2012, seeking information about the FBI’s use of cell site simulators and, in particular, what legal process the agency required before deploying the technology. As a result of EPIC’s lawsuit, more than 4,000 pages of partially-redacted FBI records were released to the public. For more information, see EPIC v. FBI - Stingray / Cell Site Simulator.
  • Federal and State Wiretaps Up 5% in 2013 According to Annual Report, But Stats Don't Support FBI Claims of "Going Dark" » (Jul. 29, 2014)
    The Administrative Office of the U.S. Courts has issued the 2013 Wiretap Report, detailing the use of surveillance authorities by law enforcement agencies. This annual report, one of the most comprehensive issued by any agency, provides an insight into the debate over surveillance authorities and the use of privacy-enhancing technologies. In 2013, wiretap applications increased 5%, from 3,576 to 3,395. Authorities encountered encryption during 41 investigations, but encryption prevented the government from deciphering messages in only 9 cases. This statistic contradicts claims that law enforcement agencies are "going dark" as new technologies emerge. Of the 3,074 individuals arrested based on wiretaps in 2013, only 709 individuals were convicted based on wiretap evidence. EPIC has repeatedly called on greater transparency of FISA surveillance, citing the Wiretap Report as a model for other agencies. EPIC also maintains a comprehensive index of the annual wiretap reports and FISA reports. For more information, see EPIC: Title III Wiretap Orders, EPIC: Wiretapping, and EPIC: Foreign Intelligence Surveillance Act.
  • Coalition to Attorney General: Review FBI's Massive Biometric Database » (Jun. 25, 2014)
    EPIC, EFF, ACLU, Defending Dissent, and a coalition of over 30 organizations have urged Attorney General Holder to immediately conduct a privacy assessment of the FBI's proposed "Next Generation Identification" system. NGI is a massive database that includes biometric identifiers, such as digitized fingerprints and facial images, of millions of Americans. The system is set to go fully operational despite a required privacy assessment. EPIC previously sued the FBI to obtain details about the system. According to a FOIA document obtained by EPIC, the FBI accepts a 20% error rate for facial recognition searches of the Next Generation Identification database. Last year, EPIC also obtained documents from the FBI regarding the use of facial recognition on state DMV photos. For more information, see EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program.
  • Senate Judiciary Committee Hearing on FBI to Consider Drones, Facial Recognition » (May. 20, 2014)
    The Senate Judiciary Committee's oversight hearing of the FBI will take place of Wednesday, May 21. This is the first FBI oversight hearing since James Comey took over as Director. At the last oversight hearing, Director Mueller admitted that the FBI uses drones for domestic surveillance. The FBI promised to establish privacy guidelines but has failed to do so. The FBI has also failed to address the privacy implications of license plate readers and facial recognition technology. The FBI's Next Generation Identification program, a massive biometric system, is set to go fully operational this year; yet the agency has not established civil liberties safeguards. The database will employ facial recognition, iris recognition, and voice recognition. Documents obtained by EPIC under the FOIA indicate the agency is prepared to accept a 20% error rate for recognition techniques. For more information, see EPIC v. FBI - Next Generation Identification.
  • Spotlight: FBI Pushes Forward with Massive Biometric Database Despite Privacy Risks » (Dec. 10, 2013)
    EPIC's Spotlight on Surveillance Project returns to put the spotlight on the Federal Bureau of Investigation's Next Generation Identification program. A billion dollar project to increase the Bureau's ability to collect biometric identifiers on millions of individuals in the United States. The FBI is currently adding facial, iris, and voice identification techniques that will greatly increase the Bureau’s ability to pursue mass surveillance. EPIC is pursuing a Freedom of Information Act lawsuit to learn more about the program. Many of the techniques now being deployed in the US were developed by the US Department of Defense for war zones. EPIC has urged greater Congressional oversight of the program and new privacy safeguards. See EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program.
  • Nation Mourns Death of Nelson Mandela, World Leader who Appeared on US "Terrorist" Watch List » (Dec. 6, 2013)
    Former President of South Africa Nelson Mandela has died. He is revered in the US and around the world for helping to bring about the end of apartheid, for leading his country into a new era, and for championing the cause of human rights. Until 2008, Mr. Mandela, a member of the African National Congress and a winner of the Nobel Peace Prize, also appeared on the US "Terrorist" Watch List. Documents obtained by EPIC under the Freedom of Information Act in 2012 revealed a broad legal standard that allows the US to place someone on the Terrorist Watch List virtually forever. Mr. Mandela's name was taken off the list in 2008 by a formal act of Congress. Approximately 700,000 people are currently tracked by the US Terrorist Screening Center. For more information, see EPIC: FBI Watchlist (National Terrorist Screening Center) and EPIC: Mandela and Privacy.
  • FBI Exempts Massive Database from Privacy Act Protections » (Oct. 10, 2012)
    The Federal Bureau of Investigation has exempted the FBI Data Warehouse System, from important Privacy Act safeguards. The database ingests troves of personally identifiable information including race, birthdate, biometric information, social security numbers, and financial information from various government agencies. The database contains information on a surprisingly broad category of individuals, including "subjects, suspects, victims, witnesses, complainants, informants, sources, bystanders, law enforcement personnel, intelligence personnel, other responders, administrative personnel, consultants, relatives, and associates who may be relevant to the investigation or intelligence operation; individuals who are identified in open source information or commercial databases, or who are associated, related, or have a nexus to the FBI’s missions; individuals whose information is collected and maintained for information system user auditing and security purposes." The Federal Bureau of Investigation has exempted these records from the notification, access, and amendment provisions of the Privacy Act. Earlier this year, EPIC opposed the Automated Targeting System, another massive government database that the Department of Homeland Security exempted from Privacy Act provisions. For more information, see EPIC: The Privacy Act of 1974 and EPIC: Automated Targeting System.
  • EPIC Obtains New Details on PATRIOT Act » (Apr. 4, 2012)
    As the result of a Freedom of Information Act request, EPIC has obtained more than 650 pages of documents related to the PATRIOT Act. EPIC had requested information related to the FBI's abuse of PATRIOT Act authorities and documents concerning the 2009 sunset of the PATRIOT Act. The documents disclosed by the FBI include training presentations, answers to questions from Senators Leahy and Specter, and a list of reporting requirements. In an answer to Senator Leahy, the FBI stated that while it would discontinue the use of exigent letters, which the Inspector General had previously noted as a frequent source of abuse, the agency planned to continue its use of the emergency disclosures provision of the Electronic Communications Privacy Act. For more information, see EPIC: USA PATRIOT Act.
  • EPIC Publishes 2012 FOIA Gallery » (Mar. 12, 2012)
    In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2012. The gallery highlights key documents obtained by EPIC in the past year, including the Federal Bureau of Investigation's watch list guidelines, records of the Department of Homeland Security's social media monitoring program, Google's first Privacy Compliance Report, records detailing the government's FAST scanning program, records of the FBI's surveillance of Wikileaks supporters, and DHS records detailing the use of body scanners at the U.S. border. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.
  • DHS Privacy Office Releases 2011 Data Mining Report » (Mar. 5, 2012)
    The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency's current activities that fall within the legislative definition of "data mining." Among other things, this year's report references the Agency's programs to profile individuals entering or leaving the country to determine who should be subject to "additional screening." A FOIA request by EPIC in 2011 revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office.
  • Documents Obtained by EPIC Reveal FBI Watch List Details » (Sep. 28, 2011)
    EPIC has obtained documents that reveal new details about standards for adding and removing names from the FBI watch list. The documents were obtained as the result of an EPIC Freedom of Information Act request to the Federal Bureau of Investigation. The FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. Also, individuals may remain on the FBI watch list even if charges are dropped or a case is dismissed. The New York Times broke the story and posted the documents obtained by EPIC. For more information, see EPIC: FBI Watch List FOIA and EPIC: Open Government.
  • Inspector General Finds "Egregious Breakdown" in FBI Oversight » (Jan. 21, 2010)
    The Department of Justice Office of the Inspector General has issued a report on the FBI's use of "exigent letters" and other means to obtain telephone records from three unnamed phone companies. The 300-page report concludes that many of the FBI's practices "violated FBI guidelines, Department policy," and the Electronic Communications Privacy Act. The report also found that "the FBI sought and acquired reporters' telephone toll billing records and calling activity information" through improper means. The report concludes that "the FBI's initial attempts at corrective action were seriously deficient, ill-conceived, and poorly executed" and makes several recommendations for improvement. In a 2007 letter to the Senate Judiciary Committee, EPIC recommended that the FBI's National Security Letter authority be repealed. For more information, see EPIC National Security Letters.
  • FBI's Use of FISA Increasing » (May. 20, 2009)
    In a report to Congress, the Justice Department revealed a substantial increase in the use of National Security Letters to acquire information on American citizens without court order. In 2008, the FBI made 24,744 NSL requests pertaining to 7,225 persons compared to 16,804 requests pertaining to 4,327 persons in 2007. The report also detailed 2,082 applications by the FBI to the Foreign Intelligence Surveillance Court for authority to conduct surveillance and physical searches. An earlier audit had revealed that some "blanket-NSLs" did not document the relevance of the information sought to a national security investigation and the statistics were not reported to the Congress. For more information, see EPIC's Page on Foreign Intelligence Surveillance Act, National Security Letters, and Wiretapping.


On June 4, 2014, EPIC filed a Freedom of Information Act (FOIA) request with the Federal Bureau of Investigation (FBI) for all its Privacy Impact Assessments (PIAs) that are not currently publicly available as well as all the Initial Privacy Assessment (IPA) and Privacy Threshold Analysis (PTA) documents since January 2007. The PTAs, and later the IPAs, are used to determine whether a more thorough PIA is required for the use of new information technology.

Over the past several years, the FBI has indicated it was going to do a number of PIAs that of the writing of this FOIA request are not publicly available. On July 18, 2012, the Senate Subcommittee on Privacy, Technology and the Law held a hearing on "What Facial Recognition Technology Means for Privacy and Civil Liberties". At that hearing, Jerome Pender, the Deputy Assistant Director of the Information Services Branch for Criminal Justice Information Services Division of the FBI, was one of the witnesses. In his statement for the record, Mr. Pender stated, "the 2008 Interstate Photo System PIA is currently in the process of being renewed by way of Privacy Threshold Analysis (PTA), with an emphasis on Facial Recognition. An updated PIA is planned and will address all evolutionary changes since the preparation of the 2008 IPS PIA." No updated PTA, IPA, or PIA is publicly available regarding the FBI's use of facial recognition technology.

On June 19, 2013, the Senate Judiciary Committee held a hearing on "Oversight of the Federal Bureau Investigation." During the hearing, FBI Director Robert Mueller had the following exchange with Senator Chuck Grassley:

Sen. Grassley: Does the FBI own or currently use drones and if so, for what purpose?

Director Mueller: Yes, and for surveillance.

Later during that same exchange, Senator Grassley asked whether the FBI uses drones for domestic surveillance and whether the FBI had considered the privacy impact of its use of drones.

Sen. Grassley: So instead of asking a question, I think I can assume since you do use drones, that the FBI has developed a set of policies, procedures, and operational limits on the use of drones. And whether or not any privacy impact on American citizens?

Director Mueller: We are in the initial stages of doing that. I will tell you that our footprint is very small, we have very few, and of limited use, and we are exploring not only the use but also the necessary guidelines for that use.

Sen. Grassley: Does the FBI use drones for surveillance on U.S. soil.

Director Mueller: Yes.

No PTA, IPA, or PIA is publicly available regarding the FBI's use of drones.

In FOIA documents received by EPIC last year, an email from early 2012 indicates that the FBI is required to do a PIA for its license plate reader ("LPR") program and make the document publicly available. A separate email indicated a draft PIA existed for the LPR program. Two years later, no PTA, IPA, or PIA for the FBI's LPR program is publicly available.

The E-Government Act of 2002 requires agencies to perform Privacy Impact Assessments for new information technology collects personally identifiable information. As the Department of Justice notes in its guidance to DOJ components, the PIA "helps promote trust between the public and the Department increasing transparency of the Department’s systems and missions."

EPIC's Interest

EPIC has long worked to bring transparency and accountability to the efforts of law enforcement to use new surveillance and information technology that collects and stores personal information about citizens. EPIC previously requested FOIA documents regarding the FBI’s Facial Analysis Comparison and Evaluation (FACE) Services unit. In response to the FOIA request, EPIC received a PTA that indicated a PIA was required by the E-Government Act, but no PIA is publicly available for the FACE Services unit.

In June 2013 comments to the Department of Homeland Security, EPIC urged DHS to conduct a comprehensive privacy impact assessment on the Office of Biometric Identity Management’s plan to collect biometrics at ports of entry to the United States. More recently, EPIC organized a coalition letter to the Attorney General opposing the expansion of the FBI’s Next Generation Identification program and urging the Justice Department to conduct a Privacy Impact Assessment on the program before moving forward.

Privacy assessments are a critical part of assessing the level of intrusiveness new technologies could have on ordinary citizens. The assessments are required by law and provide transparency to the public. EPIC’s FOIA litigation is designed to reveal where this transparency is lacking and highlight those privacy-evasive programs that still lack proper assessments of their impact on privacy.

Freedom of Information Act Documents

On June 4, 2014, EPIC submitted a FOIA request asking for:

(1) All Privacy Impact Assessments the FBI has conducted that are not publicly available at

(2) All Privacy Threshold Analysis documents and Initial Privacy Assessments the FBI has conducted since 2007 to present.

Legal Documents

EPIC v. Federal Bureau Of Investigation, Case No. 14-cv-01311 (D.D.C. filed Aug., 1, 2014)


News Reports

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security