Previous Top News 2004
- eBay Abandons Passport, Cites Security Concerns. eBay has announced that, beginning in late January, it will no longer enable members to sign in to eBay using Microsoft Passport Sign In. The move is the latest among Internet companies that are dropping the single sign-in identification scheme. In 2001, EPIC and a coalition of consumer advocacy groups filed complaints with the Federal Trade Commission warning of privacy risks associated with Passport. In 2002, the Commission sided with EPIC and issued a a privacy enforcement action against Microsoft. For more information, see EPIC's Sign Out of Passport Page. (Dec. 30)
- EPIC Releases Ten Privacy Resolutions. Celebrate a more private New Year by adopting these ten consumer privacy resolutions! Don't just promise yourself to lose weight in 2005, also lose those data brokers by protecting your personal information. (Dec. 23)
- EPIC Sues FBI Again For Terrorist Database Information. For the second time in three months, EPIC has asked a federal court for an emergency court order (pdf) forcing the FBI to turn over information about the Terrorist Screening Database and how it will be used in Secure Flight. In October, EPIC sued the agency when it refused to recognize that EPIC was entitled to a quick release of the documents. The FBI backed down and the case was dismissed, but the agency has not given EPIC the information. (Dec. 21)
- EPIC Objects to Student Data Matching. A coalition of groups has objected to data sharing between the Selective Service System (SSS) and the Department of Education to determine whether students have registered for the draft. In a letter to the SSS, EPIC argued that a data matching arrangement does not comply with the Privacy Act, and that it should be suspended immediately. For more information, see the EPIC Student Privacy Page. (Dec. 21)
- EPIC Seeks Investigation of ChoicePoint, Data Brokers. In a letter to the Federal Trade Commission, EPIC has urged the agency to investigate ChoicePoint and other data brokers for compliance with the federal Fair Credit Reporting Act. The letter argues that Choicepoint and its clients have performed an end-run around the FCRA, and sell personal information to law enforcement, private investigators, and businesses without substantive or procedural privacy protections. For more information, see the EPIC FCRA and ChoicePoint Pages. (Dec. 16)
- EPIC FOIA Request Shows Postal Machines Take, Store Photos. Documents (pdf 1.9 MB) obtained by EPIC under the Freedom of Information Act show that new Postal Service self-service postage machines take portrait-style photographs of customers and retain them for 30 days on a Windows XP platform. One document reads, "Camera required by FAA. Privacy Office is requiring a notice for customers, advising that photograph may be taken during the transaction." For more information, see the EPIC Postal Service Privacy Page. (Dec. 9)
- Coalition Urges FTC to Unblock Links to Free Credit Site. EPIC and five privacy and consumer groups have called upon the FTC to order credit reporting agencies to stop blocking web hyperlinks to a site that provides free credit reports. The letter argues that blocking links violates federal regulations, and that, "Whether intentional or not, every subtle and not so subtle web design tactic has been employed to make www.annualcreditreport.com difficult to find and use." EPIC has posted a webpage that circumvents the blocking. For more information, see the EPIC FCRA Page. (Dec. 7)
- Sen. Nelson Joins EPIC in Opposing Do-Not-Call Loophole. Senator Bill Nelson (D-FL) has called upon the Federal Trade Commission to abandon a proposed loophole to the telemarketing Do-Not-Call Registry. The loophole would allow companies to send recorded messages to persons with whom they have done business. In a letter (pdf) to the FTC, Nelson warned that the loophole threatens to erode consumer privacy and flood homes with unwanted messages. EPIC and Nelson are urging the public to comment on the loophole by January 10, 2005. For more information, see the EPIC Telemarketing Page. (Dec. 7)
- Free Credit Report Site Blocks Web Links. Nationwide credit reporting agencies are required under federal law to provide a free credit report to residents of western states online starting December 1, 2004. However, the credit reporting agencies have blocked links to the free site, citing bogus security concerns. By blocking outside links, the companies create a greater risk of phishing because consumers have to type in the URL, and the companies can steer consumers to their expensive, unnecessary credit monitoring services, avoiding their duty to provide free reports. To get your free report, paste the following URL into your browser: http://www.annualcreditreport.com. (Dec. 4)
- Privacy International Coalition Opposes European Fingerprinting Plan. A coalition of privacy officials, non-governmental organizations, and individuals have urged the European Parliament to stop a proposal for mandatory biometric identification for all European citizens and residents. The coalition argues that it is an unnecessary and rushed policy that will diminish Europeans' right to privacy. Privacy International specifically recommends the removal of the European-wide fingerprinting requirement. (Nov. 30)
- FTC Fails to Enforce Children's Privacy Law Against Amazon. Responding to a formal complaint from EPIC and several other privacy organizations, Federal Trade Commission staff have recommended (pdf) that the agency not pursue Amazon.com under the Children's Privacy Protection Act despite the fact that the "Toy Store" website targets children and collects personal information. The agency relied heavily on a single sentence in the company's privacy policy, and concluded that the site wasn't covered by the privacy law. For more information, see the EPIC COPPA Page. (Nov. 24)
- FTC Fails to Enforce Children's Privacy Law Against Amazon. Responding to a formal complaint from EPIC and several other privacy organizations, Federal Trade Commission staff have recommended (pdf) that the agency not pursue Amazon.com under the Children's Privacy Protection Act despite the fact that the "Toy Store" website targets children and collects personal information. The agency relied heavily on a single sentence in the company's privacy policy, and concluded that the site wasn't covered by the privacy law. For more information, see the EPIC COPPA Page. (Nov. 24)
- EPIC FOIA Request Reveals CIA Funding for Internet Surveillance in US. EPIC has uncovered a Memorandum of Understanding between the CIA and the National Science Foundation for a joint program that includes researching ways to monitor on-line chat rooms. The joint program is called "Approaches to Combat Terrorism: Opportunities for Basic Research." Recently, a group of computer scientists expressed concern about the redirection in science funding toward the development of systems of public surveillance. Press Release. (Nov. 24)
- EPIC Releases Privacy & Human Rights 2004 Report. This extensive survey examines the state of civil liberties and privacy rights in more than 60 countries around the world. Key topics include new technologies of surveillance, such as traveler profiling systems, smart cards, biometrics, DNA and health information databases, and radio frequency identification, as well as the public response to governments' violations of individual privacy. More details here. (Nov. 24)
- House Bill Would Give Congress Access to Tax Records. The House approved a 3,000-page appropriations bill with a provision that would have given two Congressional committee chairmen access to Americans' tax returns. The Senate voted unanimously to kill the provision, but the House must agree before the bill can be signed into law. House Minority Leader Nancy Pelosi (D-CA) denounced the measure, saying, "it should be of grave concern to all Americans that their privacy could be invaded by such an outrageous provision." For more information, see EPIC's Taxpayer Privacy Page. (Nov. 22)
- EPIC Joins Civil Liberties Brief in Wiretap Case. EPIC joined five civil liberties organizations to file a "friend of the court" brief (pdf) in United States v. Councilman, a federal appeals case involving whether email can be "intercepted" in violation of federal wiretap law while it is temporarily retained on an email server -- even if only for a fraction of a second. Senator Patrick Leahy also filed an amicus brief (pdf) supporting electronic privacy in the case, discussing the intent of Congress when it extended legal protections to email. Five technical experts also filed a brief (pdf) in favor of Internet privacy. For more information, see EPIC's United States v. Councilman Page. (Nov. 15)
- Airlines Ordered to Hand Over Passenger Info. The Transportation Security Administration has ordered 72 airlines to turn over a month's worth of passenger data to test the Secure Flight passenger prescreening program. The airlines have been told they must give the agency all passenger records from June 2004 domestic flights by November 23. For more information, see EPIC's Passenger Profiling Page. (Nov. 11)
- House Defies 9/11 Commission, Endorses Government Secrecy. Bowing to pressure from the House in negotiations over legislation to implement the 9/11 Commission's recommendations (7 MB pdf), the Senate has agreed that the government's intelligence budget will remain classified. This decision frustrates the Commission's finding that Congressional oversight of intelligence must be improved, and supports a tradition of secrecy and extensive classification that may frustrate public oversight and press reporting on matters of national interest. For more information, see EPIC's page on the 9/11 Commission Recommendations. (Nov. 9)
- Privacy Commissioner Urges Protections for Civil Liberties in War on Terror. In her annual report to Parliament, Canada's privacy commissioner urged that the increased collection of Canadians' personal information to combat terrorism poses a grave threat to civil liberties. Jennifer Stoddart urged that "we must ensure the privacy rights of individuals are not lost or submerged in the chorus of voices calling for more security, more data, and more information about all of us." The report comes just days after British Columbia's privacy commissioner concluded (pdf) that British Columbians' personal information needs greater safeguards from the reach of the USA PATRIOT Act. (Nov. 5)
- Court Convicts Two of Felony Spamming. A brother and sister from North Carolina became the first people in the nation convicted on felony spamming charges this week. A jury in Loudon County, Virginia, found the two guilty of three felony violations of the Virginia anti-spam law for flooding the email accounts of America Online users with more than 10,000 unsolicited ads for routine commercial activity in just three days. The jury recommended a sentence of nine years in prison for one defendant, and a $7,500 fine for the other. For more information, see EPIC's Spam Page. (Nov. 5)
- EPIC Calls for US-VISIT Data Privacy Safeguards. In comments (pdf) filed this week, EPIC urged the Department of Homeland Security to consider privacy implications as it expands the United States Visitor and Immigrant Status Indicator Technology (US-VISIT), a controversial border entry-exit program. In August, the agency announced that it would expand US-VISIT to the 50 busiest land border points of entry by the end of this year. It also expanded the category of individuals who are subject to US-VISIT to include visa waiver travelers and Mexican citizens traveling to and from the U.S. EPIC's comments emphasized the potential for mission creep within the program, and noted the importance of safeguarding the accuracy and security of the information collected through US-VISIT. For more information about US-VISIT, see EPIC's US-VISIT Page. (Nov. 5)
- Report: PATRIOT Act Threatens Canadians' Privacy. British Columbia's information and privacy commissioner has released a report (pdf) finding that the USA PATRIOT Act violates British Columbian privacy laws, and that personal information about Canadians may be accessible to the U.S. government under the Act. The report concludes that changes to privacy law and other measures are necessary to protect British Columbians' personal information against seizure under the controversial American law. For more information, see EPIC's USA PATRIOT Act Page. (Nov. 1)
- ID Requirements May Obstruct Your Right to Vote. Your right to vote on Election Day may be challenged by overly zealous enforcement of new voting identification requirements. Some states have gone far beyond federal law, which requires that new voters must provide ID before being allowed to vote. For more information on your state's ID requirements for voting go to www.bringyourid.org. For general information on voting see: votingintegrity.org. (Oct. 29)
- EPIC Recommends Protections for Public Records. In comments (pdf) to a committee formed by the Florida Supreme Court, EPIC recommended protections for personal information that appears in public records. EPIC advised that personal data in public records are being commodified for purposes unrelated to government oversight. For more information, see the EPIC Public Records Page. (Oct. 29)
- EPIC Urges Postponement of Secure Flight. EPIC has called upon (pdf) the Transportation Security Administration to suspend the test phase of Secure Flight until the program's significant privacy issues are resolved and the government is willing to be more forthcoming about the program's details. EPIC also urged (pdf) the Office of Management and Budget not to permit TSA to collect a month's worth of passenger information for Secure Flight testing purposes until the program's privacy and transparency issues are addressed. (Oct. 28)
- EPIC Calls For Transportation Worker Privacy Safeguards. In comments (pdf) filed this week, EPIC urged the Transportation Security Administration to tightly safeguard personal information in two data collection programs. The Transportation Workers Identification Credentialing System (TWIC) and the Transportation Security Threat Assessment System (T-STAS) will compile data on a variety of people directly and indirectly related to the transportation industry. EPIC's comments note the dangers of identity theft, misappropriation and mission creep if the data collected for these programs are not properly protected. (Oct. 28)
- FBI Folds in EPIC Lawsuit for Secure Flight Info. Just a day after EPIC applied for an emergency court order (pdf) asking federal court to order the FBI to immediately release documents about the Terrorist Screening Database and its role in Secure Flight, the agency has backed down. Conceding that EPIC met its burden of demonstrating "compelling need" for the documents, the FBI must release the information as soon as practicable. (Oct. 14)
- EPIC Sues For Release of Secure Flight Info. EPIC has applied for an emergency court order (pdf) requiring the FBI to release information about the Terrorist Screening Database and its role in Secure Flight, the government's proposed passenger prescreening system. Secure Flight will compare passenger records against information in the database, which will include expanded "Selectee" and "No-Fly" lists. EPIC argued that information about the database must be made available prior to the October 25 deadline for public comments on the Transportation Security Administration's plans for testing Secure Flight. (Oct. 13)
- Ethics Committee Rebukes DeLay For Misleading Agency. A Congressional ethics committee has unanimously voted that House Majority Leader Tom DeLay (R-TX) used his position to exert undue influence over a federal agency. The Committee admonished DeLay for misleading Federal Aviation Administration officials when he asked them to search for Texas lawmakers who left the state last year to prevent a vote on congressional redistricting. In response to a 2003 Freedom of Information Act request, EPIC obtained audio recordings between the FAA's Washington office and field offices indicating that FAA officials were led to believe that DeLay's request was part of a formal Congressional investigation. The Committee concluded that DeLay's conduct "raises serious concerns" under House rules that "precluded use of government resources for a political undertaking." (Oct. 7)
- Court to Reconsider E-Mail Interception Case. The First Circuit Court of Appeals has voted to rehear its decision in United States v. Councilman, a case involving whether e-mail can be "intercepted" in violation of federal wiretap law while it is temporarily stored on an e-mail server -- even if only for a fraction of a second. In 2-1 ruling in July, the court ruled that an online literary clearinghouse did not violate the law when it used an e-mail service it provided to its subscribers to access their incoming e-mail so it could view messages sent to them by a rival company. For more information see EPIC's Wiretap Page. (Oct. 5)
- US-VISIT Expands to Include Visa Waiver Travelers. Today the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program will begin screening travelers entering and leaving the United States through the Visa Waiver Program, which includes visitors from the United Kingdom, France, Spain, Ireland, Japan, and 22 other countries. The U.S. government will now collect biometrics from about 33,000 more travelers every day. For more information, see EPIC's US-VISIT Page. (Sept. 28)
- EPIC Publishes New FOIA Guide. In conjunction with International Right to Know Day, EPIC announced the release of Litigation Under the Federal Open Government Laws 2004. The book is a key resource for individuals pursuing open government requests in the United States. For information about EPIC publications, visit the EPIC Bookstore. (Sept. 28)
- EPIC Urges Congress to Protect SSNs. In testimony to the House Energy and Commerce Subcommittee on Consumer Protection, EPIC advocated strong protections for Social Security Numbers. EPIC urged Congress to pass legislation that limits use and dissemination of the SSN in both the public and private sector. A live webcast of the event is available. For more information, see the EPIC SSN Page. (Sept. 28)
- EPIC Sues For Census Disclosure Info. In a complaint (pdf) filed in federal court this week, EPIC is seeking the release of additional information about the Census Bureau's disclosure of statistical data to Customs and Border Protection about people who identified themselves on the 2000 census as being of Arab ancestry. In July, EPIC obtained documents under the Freedom of Information Act showing that the Census Bureau had prepared special tabulations for the law enforcement agency showing the populations of Arab ancestry living in certain cities and ZIP codes. For more information, see EPIC's Census FOIA Page. (Sept. 24)
- Spyware and Wireless Directory Privacy Bills Advance in Senate. The Senate Commerce Committee has approved bills to provide privacy protections against spyware and to prohibit wireless carriers from publishing subscribers' phone numbers in wireless directories without their consent. Earlier this week, EPIC Executive Director Marc Rotenberg testified before the Committee on the need to establish privacy safeguards for wireless phone subscribers. Both bills will now move to the full Senate. (Sept. 24)
- EPIC Testifies on Voting Privacy. The Election Assistance Commission Technical Guidelines Development Committee asked EPIC to offer testimony (pdf) on the impact that new voting technology and polling place practices has on the privacy rights of voters. The hearing was an opportunity for the committee charged with making recommendations on voluntary standards for election systems and voting technology. The committee is expected to make its recommendations to the full Election Assistance Commission board sometime next summer for adoption and implementation in 2006. (Sept. 22)
- Details Emerge on New Passenger Prescreening Program. The Transportation Security Administration has released a Privacy Act notice (pdf) and privacy impact assessment (pdf) for the test phase of Secure Flight, the passenger prescreening initiative under development to replace CAPPS II. The notice shows that Secure Flight, like CAPPS II, will be a secretive program that may collect personal information irrelevant and unnecessary for aviation security. Furthermore, passengers will be deprived of judicially enforceable rights to access and correct personal information. The Transportation Security Administration has also issued a proposed order (pdf) that will require airlines to turn over passenger records from June 2004 to test Secure Flight. (Sept. 22)
- EPIC to Testify on Wireless Phone Directories. On Tuesday, September 21, EPIC Executive Director Marc Rotenberg will testify before the Senate Commerce Committee on "The Wireless 411 Privacy Act." The law will establish some privacy safeguards for wireless phone subscribers. EPIC's testimony argues for an opt-in approach for directory listings, security safeguards, and a prohibition on the sale of personal mobile phone numbers to data brokers. A live broadcast of the testimony is available at 2:30 PM. (Sept. 20)
- EPIC Urges Government to Reverse Decision on Passenger Privacy. In a petition for review (pdf) filed today, EPIC has urged the Department of Transportation to reverse its decision (pdf) that Northwest Airlines did not commit an unfair or deceptive trade practice by providing sensitive customer data to a government agency, contrary to the plain meaning of the airline's privacy policy, and in the absence of any legal obligation to do so. EPIC argues that the agency failed to correctly apply the test for a violation of consumer protection law, ignoring the analysis for deceptive trade practices established by law and relevant precedent. EPIC also points out that the agency's conclusion that it would not enforce Northwest's privacy policy if it were to find that the airline violated it flies in the face of the commitments the agency has made to the public and the European Union. For more information, see EPIC's page on the Northwest disclosure. (Sept. 20)
- EPIC Obtains Draft Privacy Impact Assessments Showing CAPPS II Mission Creep. Through Freedom of Information Act litigation with the Transportation Security Administration, EPIC has obtained three heavily redacted draft privacy impact assessments the agency performed for the now-defunct second generation Computer Assisted Passenger Prescreening System (CAPPS II). The drafts, dated April 17, 2003 (pdf), July 29, 2003 (pdf), and July 30, 2003 (pdf), reflect a dramatic expansion over just three and a half months in the ways passenger information collected for the program would have been shared. For more information, see EPIC's Passenger Profiling Page. (Sept. 14)
- Transportation Dept. Dismisses EPIC's Claims Against Northwest. EPIC to Appeal. The Department of Transportation dismissed (pdf) EPIC's complaint against Northwest Airlines, which had alleged that the airline violated its privacy policy by disclosing millions of passenger records to NASA for use in a data mining study, thus committing an unfair and deceptive trade practice. The Department concluded that Northwest's privacy policy "did not unambiguously preclude it from sharing data" with NASA, and that "even if it did, such a promise would be unenforceable as against public policy[.]" EPIC will petition the Department for review of the decision. For more information, see EPIC's page on the Northwest disclosure. (Sept. 14)
- Court Says Government Must Make ID Arguments Publicly. The Ninth Circuit Court of Appeals has rejected (pdf) the Justice Department's request to make its arguments secretly in Gilmore v. Ashcroft, a case challenging an unpublished federal regulation that requires passengers to show ID before boarding commercial airplanes. The agency had asked that its arguments be kept secret from Gilmore and the public, stating in court papers that disclosure "would be detrimental to the security of transportation." EPIC has filed a "friend of the court" brief (pdf) in the case, arguing that meaningful judicial review is necessary to prevent the government from imposing secret law upon the public in violation of constitutional due process rights. For more information, see EPIC's Passenger Profiling Page. (Sept. 14)
- DOJ Document Details Online Information Collection, Surveillance Policies. EPIC has obtained a document titled: "Online Investigative Principles for Federal Law Enforcement" (Part 1, Part 2, Part 3, pdf 1.2MB each). The document details federal law enforcement policies for obtaining personal information online and engaging in surveillance. (Sept. 13)
- Docs Show Meetings Between Clark, Poindexter. New documents (pdf) show that General Wesley Clark, a lobbyist for commercial data company Acxiom, met with former Total Information Awareness developer, Admiral John Poindexter in May and June 2002. Previously obtained documents from the same time period indicate that Acxiom was considered as a source of personal information for a government "mega-scale database." For more information, see the EPIC Total Information Awareness Page. (Sept. 13)
- EPIC Brief Supports State Privacy Protections. EPIC, joined by a coalition of consumer and civil liberties groups representing 41 million individuals, has filed a brief in support of SB1, California's Financial Information Privacy Act. In the case, ABA v. Lockyer, banks challenged the law, arguing that the federal Fair Credit Reporting Act supercedes the California protections. The brief argues that affiliate sharing causes identity theft and fraud, and is inconsistent with fair information practices. For more information, see the EPIC ABA v. Lockyer, Preemption, and FCRA Pages. (Sept. 8)
- Report Finds Dramatic Increase in Government Secrecy. OpenTheGovernment.org, a coalition of more than 30 civil liberties groups promoting less secrecy and more democracy in government, has released a report (pdf) finding that government secrecy has increased substantially in recent years. According to the report, for every $1 the federal government spent last year making formerly classified information available to the public, it spent $120 to keep information secret. (Sept. 7)
- EPIC Files Comments on Use of Voter SSNs. In comments to the Social Security Administration, EPIC has urged the agency not to create a new routine use of the Social Security Number for state voter registration purposes. EPIC asked the agency not to implement this routine use until state election administrations agree not to require voters to present their Social Security cards in order to vote in federal elections. For more information, see the EPIC Voting and SSN Pages. (Sept. 3)
- EPIC Files Brief Supporting Driver Privacy. EPIC, joined by the American Civil Liberties Union of Florida, has submitted an amicus brief in Kehoe v. Fidelity Bank, a case under the federal Drivers Privacy Protection Act where a bank purchased over 500,000 motor vehicle records from Florida for junk mail solicitations. The brief argues that individuals are entitled to damages under the law when businesses or data brokers intentionally access motor vehicle information. For more information, see EPIC's Drivers Privacy Protection Act Page. (Sept. 1)
- Census Bureau Revamps Data Sharing Policy. The Census Bureau has announced that it will no longer provide special tabulations on "sensitive populations" to law enforcement or intelligence agencies unless senior Census Bureau officials approve such disclosure. The policy change follows a public outcry in response to documents obtained by EPIC under the Freedom of Information Act revealing that the Census Bureau provided the Department of Homeland Security demographic information about individuals of Arab American ancestry. For more information, see EPIC's Census Privacy Page. (Aug. 31)
- Homeland Security Expands US-VISIT. The Department of Homeland Security published a notice today announcing that it will expand the controversial United States Visitor and Immigrant Status Indicator Technology (US-VISIT) to the 50 most highly trafficked land border ports of entry in the United States early next year. The notice also states that the agency has the authority to collect biometric data from nonimmigrant visitors who travel to the U.S. through the Visa Waiver Program, as well as Mexican citizens traveling to and from the U.S. For more information, see EPIC's US-VISIT Page. (Aug. 31)
- President Bush Creates Civil Liberties Board. President Bush has issued an executive order creating the Board on Safeguarding Americans' Civil Liberties, which is intended to advise the president on civil liberties and ensure that agencies do not violate privacy and civil rights laws. The board will be comprised of government officials from law enforcement and intelligence agencies, and will not include nongovernmenal membership or independent oversight. (Aug. 31)
- TSA to Test New Passenger Prescreening Program. The Transportation Security Administration has announced it will begin testing Secure Flight, a new passenger prescreening system, in November. The program, which is intended to replace the now-defunct CAPPS II, will compare passenger records to expanded "selectee" and "no fly" lists already in use. Passengers whose records match names on the lists will be subject to commercial background checks to verify their identities. The agency stated that it plans to have a redress process for individuals improperly flagged by Secure Flight, but it is unclear how this process will work. For more information, see EPIC's Passenger Profiling Page. (Aug. 26)
- Court Rules Secret Contract Subject to FOIA. A federal court has held (pdf) that a classified contract between the Federal Bureau of Investigation and ChoicePoint, a commercial data broker, is subject to the Freedom of Information Act. The court also rejected the FBI's request for a two-year delay for review of the contract. EPIC has obtained over 1,500 documents about ChoicePoint under FOIA, and Associate Director Chris Hoofnagle recently published a law journal article analyzing the documents. For more information, see EPIC's ChoicePoint Page. (Aug. 24)
- Army Finds JetBlue Passenger Data Use Legal. The Army Inspector General has concluded (pdf) that neither the Army nor a defense contractor violated the Privacy Act by using of millions of JetBlue Airways passenger records in a military data mining project without the knowledge or consent of the affected passengers. The report was obtained through the Freedom of Information Act by journalist Ryan Singel. In September, JetBlue conceded that the disclosure violated its own privacy policy. For more information, see EPIC's Passenger Profiling Page. (Aug. 24)
- Ninth Circuit Upholds Compelled Disclosure of DNA. In a close 6-5 ruling, the Ninth Circuit Court of Appeals has determined that a parolee can be forced to provide a DNA sample for the FBI's vast national DNA database. In March, EPIC filed a "friend of the court" brief (pdf) in the case, arguing that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. For more information, see EPIC's United States v. Kincade Page. (Aug. 18)
- Gmail Privacy Discussed in Google Interview. In an interview with Google's founders, Playboy Magazine raises the privacy objections that EPIC and other organizations have made regarding Gmail, an advertising-supported Web mail system that engages in "content-extraction" to target ads. For more information, see EPIC's Google Gmail FAQ Page. (Aug. 18)
- EPIC Urges Privacy Protections for Auto Black Boxes. In comments, EPIC urged the National Highway Transportation Security Administration to create privacy protections for "Event Data Recorders," black boxes in vehicles that record crash data. EPIC noted that the boxes can become platforms for broader surveillance and that information collected by them should be subject to fair information practices. (Aug. 13)
- EPIC Joins Coalition in Objecting to Census Data Sharing. In an open letter EPIC joined a coalition of civil liberties groups calling upon the Department of Homeland Security to explain its use of statistical Census data on Arab Americans. For more information, see the EPIC Census and Census FOIA Pages. (Aug. 13)
- Groups Comment on Postal Database System. EPIC and Privacy Rights Clearinghouse filed comments suggesting privacy improvements to a Postal Service system that will employ commercial databases to improve delivery rates. The comments call upon the Postal Service to require the commercial database vendor to abide by a strong set of fair information practices. For more information, see the EPIC Postal Privacy Page. (Aug. 13)
- FTC Files Brief Supporting Banks Against Privacy Law. The Federal Trade Commission and other federal agencies have filed an amicus brief (pdf) supporting national banks in their bid to invalidate a strong California financial privacy law. California Attorney General lamented that, 'These agencies are supposed to protect consumers. Apparently, they prefer protecting the profits of banks." For more information, see the EPIC ABA v. Lockyer Page. (Aug. 13)
- EPIC Files Brief Arguing Against Secret Law. EPIC has filed a "friend of the court" brief (pdf) in Gilmore v. Ashcroft, a case challenging a federal district court's refusal to determine the basis for the government's unpublished requirement that passengers must present identification to fly upon commercial airlines. EPIC's brief argues that the district court's failure to examine the government's authority to enforce the requirement permits the government to impose secret law upon the public, thus avoiding meaningful review by courts as required by the Constitution. For more information, see EPIC's Passenger Profiling Page. (Aug. 9)
- FCC Imposes Rules on Internet Telephony; Bans Wireless Spam. The Federal Communications Commission has tentatively determined (pdf) that Internet phone calls are subject to wiretapping by law enforcement under the Communications Assistance for Law Enforcement Act (CALEA). EPIC had filed comments (pdf) earlier this year explaining that Internet telephony should not be subject to CALEA. Consistent with comments filed by EPIC in April, the Commission also ruled (pdf) that marketers cannot send commercial e-mail to wireless devices without the explicit consent of the consumer, a much stronger protection against spam than that provided by the CAN-SPAM Act passed by Congress last year. For more information, see EPIC's CALEA and Spam Pages. (Aug. 5)
- Court Rejects Agency Effort to Withhold CAPPS II Info Sought by EPIC. A federal judge has rebuffed (pdf) the Transportation Security Administration's claim that it does not have to release factual information, which is generally not shielded from disclosure under the Freedom of Information Act, within agency documents that are not finalized. The agency had refused to disclose to EPIC factual information within draft privacy impact assessments performed for the second generation Computer Assisted Passenger Prescreening System (CAPPS II) because such facts would "expose the deliberative process." Judge Colleen Kollar-Kotelly has ordered the agency to review the documents again for factual information that can be released, or to justify to the Court why it is unable to do so. For more information, see EPIC's Passenger Profiling Page. (Aug. 3)
- EPIC Report: Homeland Security Got Census Data on Arab Americans. EPIC has obtained heavily redacted documents through the Freedom of Information Act revealing that the Census Bureau provided the Department of Homeland Security statistical data on people who identified themselves on the 2000 census as being of Arab ancestry. There is no indication that the agency requested similar information about any other ethnic group. During World War II, the Census Bureau provided statistical information to help the War Department round up more than 120,000 innocent Japanese Americans and confine them to internment camps. For more information, see the EPIC Census FOIA Page. (July 30)
- Federal Agency Proceeds with Homeless Registration. The Department of Housing and Urban Development has approved new rules that require detailed tracking of homeless individuals. Homeless Management Information Systems (HMIS) creates requirements that all shelters collect Social Security Numbers, date of birth, and other information. For more information, see the EPIC Privacy and Poverty Page. (July 30)
- PI Holds 2004 UK Big Brother Awards. Privacy International held the 2004 UK Big Brother Awards in London to "name and shame" the greatest government and commercial offenders of personal privacy in the UK. US-VISIT, the vast American surveillance system that tracks visitors to, within, and from the United States, was presented the David Blunkett Lifetime Menace Award because it is "offensive and invasive, and has been undertaken with little or no debate or scrutiny." For more information, see the Privacy International Big Brother Awards Page. (July 29)
- Coalition Files Amicus Brief in EPIC's Support. A coalition of journalistic and civil liberties groups has filed a "friend of the court" brief (pdf) supporting EPIC in its suit against the Department of Justice in a federal appeals court. EPIC has asked the court to find that EPIC was entitled to expedited processing of a Freedom of Information Act request (pdf) seeking information about efforts of federal prosecutors to lobby against legislative revisions to the controversial USA PATRIOT Act. For more information, see the EPIC v. DOJ Page. (July 27)
- 9/11 Commission Releases Final Report. The National Commission on Terrorist Attacks has released its final report (pdf 7 MB) on the circumstances surrounding the 9/11 terrorist attacks and recommendations for guarding against attacks in the future. In his testimony (pdf) before the Commission in December, EPIC Executive Director Marc Rotenberg emphasized the important history of privacy protection, the problems with new systems of surveillance, and the specific need to preserve Constitutional checks and balances. EPIC has published a commentary on the recommendations of the report on the EPIC 9/11 Commission Page. (July 22)
- EPIC Sues Defense Dept. For Data Mining Info. In a complaint (pdf) filed in federal court this week, EPIC is seeking the expedited release of information concerning Verity K2 Enterprise, a Defense Intelligence Agency program that reportedly mines data from intelligence sources and Internet searches to identify foreign terrorists and U.S. citizens connected to foreign terrorism activities. The Defense Department failed to recognize the urgency of EPIC's request despite the conclusion of the Technology and Privacy Advisory Committee in its final report (3.5 MB pdf) that "rapid action is necessary to address the host of government programs that involve data mining concerning U.S. persons and to provide clear direction to the people responsible for developing, procuring, implementing, and overseeing those programs." (July 21)
- Maryland Court OKs Compelled DNA Production. The Maryland Court of Appeals has reversed (pdf) a lower court's finding that it is unconstitutional for the State to compel production of a DNA sample for law enforcement purposes unrelated to a particular investigation. In April EPIC submitted a "friend of the court" brief (pdf) in the case, arguing that it is unconstitutional to compel a DNA sample for the state's DNA database, which in turn feeds into the FBI's vast national DNA database. EPIC pointed out that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. For more information, see EPIC's Genetic Privacy Page. (July 16)
- Tom Ridge Says CAPPS II is Dead. It has been reported that Department of Homeland Security Secretary Tom Ridge has said the controversial second generation Computer Assisted Passenger Prescreening System, more commonly known as CAPPS II, has been scrapped. David Stone, acting administrator of the Transportation Security Administration, indicated earlier this week that the agency would not move forward with CAPPS II as originally envisioned. Stone acknowledged that CAPPS II's intrusion upon personal privacy contributed to the decision to reconsider the program. For more information, see EPIC's Passenger Profiling Page. (July 14)
- EPIC Recommends Privacy Protections for RFID. In testimony before the House Energy and Commerce Subcommittee on Consumer Protection, EPIC Policy Counsel Cedric Laurant urged Congress to adopt a framework of fair information practices to govern collection of personal information through RFID. The testimony follows detailed comments (pdf) filed at a Federal Trade Commission Workshop on RFID. For more information, see the EPIC RFID Page. (July 14)
- EPIC Urges Appeals Court to Reverse Ruling on PATRIOT Records. EPIC has filed a brief (pdf) asking a federal appellate court to reverse a lower court's refusal (pdf) to expedite the processing of a Freedom of Information Act request (pdf) seeking information about efforts of federal prosecutors to oppose legislative revisions to the controversial USA PATRIOT Act. EPIC argues that it is entitled to expedited processing because there was, at the time of the request, an urgency to inform the public about the matter. EPIC also argues that the prosecutors' activities were a matter of widespread and exceptional media interest and raised questions about the government's integrity. For more information about the case, see the EPIC v. DOJ Page. (July 13)
- 9/11 Commission Report Expected This Week. The National Commission on Terrorist Attacks will release this week its final report on the circumstances surrounding the 9/11 terrorist attacks and recommendations for guarding against attacks in the future. In testimony before the Commission in December, EPIC Executive Director Marc Rotenberg emphasized the important history of privacy protection, the problems with new systems of surveillance, and the specific need to preserve Constitutional checks and balances. (July 13)
- EPIC Highlights Role of SSN in Identity Theft. In a follow up letter to previous testimony on enhancing SSN privacy, EPIC and U.S. PIRG detailed the role that the SSN plays in identity theft. For more information, see the EPIC SSN Privacy Page. (July 2)
- EPIC Calls for Suspension of Registered Traveler Program. In formal comments (pdf) to the Transportation Security Administration, EPIC has urged the agency not to deploy the final phase of the Registered Traveler program until it conducts a full evaluation of the program's privacy implications. Citing the agency's record of secrecy and little regard for individual privacy interests in the development of programs such as CAPPS II, EPIC recommended that TSA revise its information collection and maintenance practices to comply fully with the intent of the Privacy Act. For more information, see EPIC's Passenger Profiling Page. (July 1)
- California SB 1 Upheld, Takes Effect Today. A federal judge has upheld (pdf 630k) California's SB 1, the strongest consumer financial privacy law in the country, which takes effect today. Under SB 1, individuals may opt-out of affiliate sharing, and banks are required to obtain opt-in consent before selling data to third parties. Bankers groups had challenged the law, arguing that the federal Fair Credit Reporting Act preempted it, but Judge Morrison C. England, Jr. ruled otherwise, holding that the federal Gramm-Leach-Bliley Act allows states to erect strong financial privacy protections. For more information, see EPIC's Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and Privacy Preemption Pages. (July 1)
- Supreme Court Maintains Block on Web Censorship Law. In a decision issued today, the U.S. Supreme Court has upheld a lower court injunction against enforcement of the Child Online Protection Act (COPA). EPIC joined a coalition of plaintiffs in a challenge to the Internet censorship law in 1998 and has served as co-counsel in the case. The Court found that the government has not shown that there are no "less restrictive alternatives" to COPA, and that "there is a potential for extraordinary harm and a serious chill upon protected speech" if the law goes into effect. For additional information, see EPIC's COPA Litigation page and EPIC's testimony concerning the privacy implications of COPA. (June 29)
- TSA: More Airlines Disclosed Passenger Data. Acting Transportation Security Administration administrator David Stone has admitted (pdf) to the Senate Governmental Affairs Committee that Delta, Continental, America West, JetBlue and Frontier Airlines disclosed passenger records to the agency's contractors in 2002 to test CAPPS II. The admission follows repeated denials to the public, Congress, General Accounting Office and Department of Homeland Security Privacy Office that the agency had acquired or used real passenger data from airlines to test the controversial passenger profiling system. Stone further disclosed that two of the world's largest airline reservation centers, Galileo International and Sabre, also provided passenger information to the agency. For more information, see EPIC's Passenger Profiling Page. (June 23)
- Accenture's US-VISIT Contract To Go Forward. The House has approved a Department of Homeland Security appropriations bill that will fund a multibillion dollar contract awarded to Accenture for development of the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program. Earlier this month, the House Appropriations Committee attempted to halt the contract because Accenture's parent company is headquartered in Bermuda. For more information about the US-VISIT program, see EPIC's US-VISIT Page. (June 22)
- EPIC Urges FTC to Safeguard Consumers' Interests at RFID Workshop. In testimony to the Federal Trade Commission on radio frequency identification technologies, EPIC called for the adoption of strong privacy guidelines to protect consumers against potential abuses of the tracking technology. For more information see the EPIC RFID web page. (June 21)
- Supreme Court Finds Hiibel Arrest Constitutional. In a 5-4 decision authored by Justice Kennedy, the Supreme Court has narrowly upheld a Nevada law allowing law enforcement to arrest an individual when he refuses to identify himself and reasonable suspicion -- though not probable cause -- exists that he has committed a crime. Justices Stevens and Breyer wrote dissenting opinions. For more information about the case, see EPIC's Hiibel v. Sixth Judicial District of Nevada Page. (June 21)
- EPIC Opposes Cybercrime Convention. In a statement to the Committee on Foreign Affairs, EPIC has urged the United States Senate to oppose ratification of the Council of Europe Convention on Cybercrime. EPIC cited the sweeping expansion of law enforcement authority, the lack of legal safeguards, the impact on US Constitutional rights, and the fact that few European governments have themselves agreed to be bound by the treaty's provisions. See the EPIC Cybercrime Convention web page. (June 17)
- Senate Hearing on Cybercrime Convention. The US Senate Committee on Foreign Relations will hold a hearing on June 17 on the Council of Europe's Convention on Cybercrime. President Bush asked the Senate last November to ratify the treaty. However, few European governments have ratified it. Several commentators have criticized the treaty as fundamentally bad because it threatens civil liberties, fails to provide restraints against abuse, and is simply a law enforcement 'wish list' that was drafted in secret without meaningful opportunities to comment from other stakeholders. For more information, see the EPIC Cybercrime Convention web page. (June 15)
- EPIC Recommends Protections for the SSN. In testimony to the House Ways and Means Subcommittee on Social Security, EPIC argued that Congress should create legislative protections for the Social Security Number (SSN). EPIC praised Subcommittee Chairman Shaw for introducing legislation that limited SSN use in the public and private sector, and made recommendations to strengthen protections. For more information, see the EPIC SSN Page. (June 15)
- ICANN Seeks Public Comments on New Policy Reports. The Internet Corporation for Assigned Names and Numbers (ICANN) has requested public comment on their preliminary WHOIS reports. The WHOIS database is a public directory of domain registrant data including name, address, phone number and e-mail address, which is available and searchable online. Last year ICANN established three task forces to examine the privacy risks and develop WHOIS policy; they have just issued their three preliminary reports for public comment which will last only until June 17. For more information visit the Public Voice web page. (June 11)
- US-VISIT Contract in Doubt. The House Appropriations Committee has moved to suspend the Department of Homeland Security's contract with Accenture, a non-U.S. based corporation, for development of the US-VISIT program. Privacy concerns about the massive border control system have also been raised. For more information, see EPIC's US-VISIT Page. (June 10)
- CA AG Acknowledges Gmail Privacy Risk. California Attorney General Bill Lockyer has acknowledged a letter sent by EPIC, Privacy Rights Clearinghouse, and World Privacy Forum that argued that Google's Gmail service violates the State's strict wiretapping laws. Lockyer wrote (pdf): "The potential exposure of Gmail users to liability for violation of Penal Code section 631 is of particular concern, as are the rights of those who are not subscribers to Gmail but who send e-mail to those who are." Lockyer advised that his office will continue to analyze Gmail and that "I understand your position and share many of your concerns." (June 9)
- EPIC Sues Agencies for Passenger Data Disclosure Info. In court papers (pdf) filed today, EPIC is seeking the expedited release of records from the Transportation Security Administration and Federal Bureau of Investigation detailing the agencies' efforts to obtain passenger information from major commercial airlines. A document (pdf) obtained by EPIC earlier this year led to the revelation that the FBI collected a year's worth of passenger information from numerous airlines after 9/11. Despite substantial media coverage of the matter and Congressional concern about government acquisition of such data, the FBI has refused to expedite EPIC's disclosure request. For more information about passenger data disclosures, see EPIC's page on the Northwest Airlines disclosure. (June 9)
- Accenture Awarded US-VISIT Contract. A U.S. corporation based in Bermuda will receive more than $10 billion from the Department of Homeland Security to build US-VISIT, a massive government surveillance system that tracks visitors to, within, and from the United States. In February, EPIC urged (pdf) the agency to define how Privacy Act obligations affect the program, to consider the significance of international privacy standards in the collection and use of personal information on non-U.S. citizens, and to prohibit the expansion of US-VISIT uses beyond the program's defined mission. These issues remain unresolved. For more information about the program, see EPIC's US-VISIT Page. (June 1)
- EPIC Releases Public Voice WSIS Sourcebook. EPIC has published The Public Voice WSIS Sourcebook, a resource to promote a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official United Nations documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action. There is also a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. For more information about this and other EPIC publications, see the EPIC Bookstore. The Public Voice is a project started by EPIC to promote the involvement of the public and non-profit community in policy decisions concerning the Internet. (May 28)
- Study Finds Extensive Data Mining in Federal Agencies. The General Accounting Office has issued a report (pdf) that identifies almost 200 data mining projects throughout the federal government that are either operational or in the planning stage. Many of them make use of personally identifiable data obtained from private sector databases. Sen. Daniel Akaka, who requested the study, released a statement and said, "It is time that we review agency practices and existing law to ensure that the privacy rights of individuals are not violated through the development of new technology." (May 27)
- Coalition Urges Restricted Use of Medical Data in Credit Decisions. EPIC and a coalition of privacy advocacy organizations filed comments (pdf) with five federal agencies which issued a proposed regulation under the Fair and Accurate Credit Transactions Act. The coalition supported the regulation's general prohibition on creditors obtaining or using medical information about a consumer in connection with deciding whether the consumer is eligible for credit. We urged that financial institutions not be permitted to routinely request consent to obtain medical information and that affiliate sharing be limited. For more information, see EPIC's Medical Privacy and FCRA pages. (May 25)
- Senator Leahy to Receive EPIC Award. Senator Patrick Leahy will receive the EPIC Champion of Freedom Award at the upcoming policy conference "Freedom 2.0: Distributed Democracy, Dialogue for a Connected World" for his work to safeguard civil liberties, protect privacy, and promote open government. See EPIC's press release for more information about Senator Leahy's award and the conference. (May 18)
- Committee Calls for Data Mining Privacy Protections. The Technology and Privacy Advisory Committee has issued a report (3.5 MB pdf) recommending that Congress pass laws to protect civil liberties when the government sifts through computer databases containing personal information. The committee, established to review the Defense Department data mining initiatives after the Total Information Awareness fiasco, also proposed that federal agencies be required to obtain authorization from a special federal court "before engaging in data mining with personally identifiable information concerning U.S. persons." For more information, see the EPIC Total Information Awareness Page. (May 17)
- Icelandic Supreme Court: DNA Project Unconstitutional. Iceland's highest court has ruled (pdf) that the Icelandic government's deal with a genetics research company permitting access to medical records of the country's population for DNA research is unconstitutional. An Icelander sued to block the company from obtaining her health records as well as her dead father's, arguing that data in them could infringe her privacy because she shares half his DNA. The court found that the law authorizing the company to develop a medical record database is unconstitutional because its privacy safeguards are inadequate. For more information about medical and DNA privacy, see Privacy & Human Rights 2003, as well as EPIC's Medical and Genetic Privacy Pages. (May 17)
- Video Voyuerism Bill Cleared for Final Passage. The Video Voyeurism Prevention Act, S. 1301, has been reported out of the House Judiciary Committee, clearing it for consideration by the entire House of Representatives. Sponsored by Senator Michael DeWine (R-OH), the bill received bipartisan support and passed the Senate by unanimous consent in September 2003. The bill would enhance privacy by prohibiting surreptitious photography of certain parts of an individual's unclothed body or undergarments without his or her consent. For more information, see the EPIC Gender Privacy Page. (May 13)
- 2003 Surveillance Report: Secret Warrants Surpass Standard Warrants. The 2003 Foreign Intelligence Surveillance Act Annual Report (pdf) reveals that the Foreign Intelligence Surveillance Court granted 1724 applications for secret surveillance last year, more than in any previous year. The report shows that 2003 was the first year ever that more secret surveillance warrants were granted than federal wiretap warrants, which are issued only under a more stringent legal standard. The PATRIOT Act significantly expanded the government's authority to make use of secret surveillance, including in circumstances where part of the investigation is unrelated to an intelligence investigation. The report also reveals that a small number of applications for secret surveillance were denied in 2003 for the first time ever. For more information, see EPIC's FISA Page. (May 7)
- Experts Urge Oversight of Voting Systems. Members of the National Committee for Voting Integrity have written to the newly established Election Assistance Commission calling for better oversight of touchscreen voting systems. The experts have called for new auditing mechanisms, such as a voter verified paper ballot. A press conference will be held today at 5 PM. More information at the EPIC Voting Page. (May 5)
- Groups Call for Investigation of Gmail. EPIC, Privacy Rights Clearinghouse, and the World Privacy Forum have urged the Attorney General of California to investigate Google's Gmail service, as it scans the content of individuals' e-mails for targeted marketing in violation of California's wiretapping laws. The groups also called upon Google to suspend the service again, as Gmail users could be liable for violations of the law. Last month, thirty-one privacy and civil liberties groups wrote to Google, asking the company to voluntarily suspend the service. (May 3)
- EPIC Lawsuit Reveals Massive Disclosure of Air Passenger Data to FBI. According to information obtained by EPIC through Freedom of Information Act litigation, the Federal Bureau of Investigation obtained one full year's worth of Northwest Airlines passenger data after 9/11. The amount of personal data was so large that Northwest provided the data to the FBI on 6000 CDs. In an article based upon this new information, the New York Times has confirmed the disclosure of passenger data to the FBI -- by Northwest as well as other U.S. air carriers. Other information obtained by EPIC details the acquisition and use of Northwest passenger data by the National Aeronautics and Space Administration. See EPIC's Northwest Data Disclosure page for additional information and links to relevant documents. (Apr. 30)
- 2003 Wiretap Report Released; No Requests Refused. The Administrative Office of the United States Courts has reported that state and federal courts authorized 1,442 interceptions of wire, oral and electronic communications in 2003, an increase of 6 percent over interceptions authorized in 2002. The agency also reported that federal officials requested 578 intercept applications in 2003, a 16 percent increase over those requested in 2002. No wiretap applications were denied last year. Although formal statistics have not yet been released, it is believed that secret foreign intelligence surveillance has increased dramatically during the same period. For more information, see the EPIC Wiretap Page. (Apr. 30)
- EPIC Advocates Opt-In Privacy for Wireless Devices. In comments to the Federal Communications Commission, EPIC urged the agency to create opt-in protections against "mobile service commercial messages," spam that is sent to cellular phones and other wireless devices. EPIC argued that without protections from these messages, individuals would be less likely to adopt wireless devices and that the cost of the messages would be transferred onto the device user. For more information, see the EPIC Telemarketing and Spam Pages. (Apr. 30)
- Justice Dept. Withdraws Records Subpoena. The Department of Justice has ended its efforts to obtain abortion records from New York-Presbyterian Hospital by withdrawing its subpoena for these records. The DOJ was seeking the records for its defense of the Partial Birth Abortion Ban Act in a trial taking place in the federal court for the Southern District of New York. The hospital had appealed the subpoena to the 2nd Circuit Court of Appeals, and the appeal was pending while the trial was in progress. By withdrawing its subpoena, DOJ has cleared the way for closing arguments in the trial. For more information, see EPIC's Medical Privacy Page. (Apr. 27)
- EPIC Files Brief in Maryland DNA Database Case. EPIC has filed a "friend of the court" brief (pdf) in Maryland v. Raines, a case that will determine whether it is unconstitutional to compel a DNA sample for the state's DNA database, which in turn feeds into the FBI's vast national DNA database. EPIC pointed out that in many areas Maryland provides stronger privacy protection than the federal Fourth Amendment. EPIC also rebutted the government's claim that DNA collection is no different than fingerprint collection. For more information, see EPIC's Genetic Privacy Page. (Apr. 27)
- EPIC, PI hold Big Brother Awards. EPIC and Privacy International held the 2004 US Big Brother Awards at the Conference on Computers, Freedom and Privacy. California Senator Liz Figueroa received a Brandeis Award for her excellent work to protect and champion privacy. "Most Invasive Proposal" went to Seisint for its role in creating the Multistate Anti-Terrorism Information Exchange Program (MATRIX). "Worst Agency" went to the Transportation Security Administration for its operation of the "No-Fly" lists. "Greatest Corporate Invader" went to NorthWest Airlines for its provision of passenger information to the government. For more information, see the Privacy International Big Brother Awards Page. (Apr. 21)
- FTC Urged to Create Privacy-Friendly Free Credit Report Site. In comments to the Federal Trade Commission, EPIC and Professor Dan Solove argued that the agency should implement a privacy-friendly central source for free credit reports. This centralized source, which was created by Congress in recent amendments to the Fair Credit Reporting Act, should provide free credit reports without allowing its users' data to be sold by credit reporting agencies. For more information, see the EPIC FCRA Page. (Apr. 16)
- Senators Want Answers About Passenger Data Collection. The Chairman and Ranking Member of the Senate Committee on Governmental Affairs have sent a letter (pdf) to the Department of Homeland Security demanding information about American Airlines' disclosure of more than a million passenger records in 2002 to government contractors at the agency's request. The airline's admission contradicted the agency's previous assurances that it had never used passenger data to test the controversial CAPPS II passenger profiling system. For more information, see EPIC's Passenger Profiling Page. (Apr. 15)
- EPIC Urges FCC to Reject Expansion of CALEA. EPIC has filed comments urging the Federal Communications Commission to reject the request of federal law enforcement agencies to expand the Communications Assistance for Law Enforcement Act (CALEA) to cover Internet Service Providers and "Voice over IP" services. Such an expansion contravenes Congressional intent, it would allow law enforcement to capture information on non-suspects, and the law enforcement agencies have not demonstrated a need for expanding CALEA. For more information, see EPIC's CALEA Page. (Apr. 12)
- American Admits Disclosing Passenger Data. American Airlines has announced that Airline Automation, a vendor working for the airline, turned over 1.2 million passenger records in June 2002 to four companies that were competing for contracts with the Transportation Security Administration. The airline authorized the records to be disclosed to the agency, which then directed Airline Automation to give the data directly to the potential contractors. JetBlue and Northwest have made similar disclosures of passenger information. The Northwest disclosure was revealed through EPIC's FOIA work. (Apr. 9)
- Coalition Calls for Suspension of Google Mail Scanning. Twenty eight privacy and consumer groups have called for a suspension of Google's Gmail service, which would scan the text of individuals' e-mails in order to target advertisements. The service represents an unprecedented intrusion into the content of communications, and poses heightened risks of law enforcement access to e-mail messages. (Apr. 7)
- EPIC Urges Agency to Reject Biometrics. In comments to the Department of the Treasury, EPIC urged the agency not to deploy biometric systems in order to attempt to curb identity theft. EPIC wrote that biometrics will not effectively curb identity theft and suggested less invasive alternatives, including placing a higher standard of care on credit issuers who cause identity theft by opening new accounts to impostors. For more information, see the EPIC Biometrics and Fair Credit Reporting Act Pages. (Apr. 1)
- EP Sends Passenger Data Negotiators to the Drawing Board. The European Parliament (EP) has voted today on a resolution (pdf) that criticizes a recent agreement (pdf) between the European Commission and the Department of Homeland Security on the disclosure of passenger name records of travelers flying to the US. The Member of the EP have called for more privacy protections for air passengers, have threatened to appeal to the European Court of Justice for violation of EU data protection laws, and have urged the European Commission to reach a more appropriate international agreement with the US. For more information, see EPIC's EU/US Passenger Data Disclosure Page. (Mar. 31)
- Canadian Court Blocks Access to ISP Customers' Info. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) and Electronic Frontier Canada were successful in persuading a federal court in Ottawa to block the request of major recording industry companies to unmask the identities of peer-to-peer filesharing users. The court held (680 kb pdf) that the recording industry had not established a public interest for disclosure that outweighed the individuals' privacy rights. (Mar. 31)
- EPIC Comments on Do Not E-mail Registry. In comments to the Federal Trade Commission, EPIC supported the creation of a Do Not E-mail Registry. If created, the Registry should list domain-level information rather than individual e-mail addresses. For more information, see the EPIC Spam Page. (Mar. 31)
- Supreme Court Upholds Withholding of Autopsy Photos. In a case that pitted privacy rights against public access rights, the Supreme Court unanimously has approved the withholding of autopsy photos of the late Vincent Foster, a senior official in the Clinton White House. Foster's death was ruled a suicide following several investigations, but some have questioned that conclusion. The Court found that Foster's family has a privacy interest in the records, and held that the privacy interest trumped the FOIA requester's right to obtain the graphic photos. (Mar. 31)
- EPIC Joins Campaign Against Biometric Identification. Civil liberties organizations have sent a letter to the International Civil Aviation Organization (ICAO) regarding their plans to include biometric identifiers such as fingerprints and facial scans on all newly issued electronic passports. The letter, organized by Privacy International, warns this will lead to the first truly global database of biometric information. For more information, see the EPIC Air Travel Privacy page and the EPIC Biometrics page. (Mar. 30)
- EPIC Urges Agencies to Improve Notice, Opt-Out. In comments to agencies that regulate financial services companies, EPIC urged the creation of clear, simple privacy notices and user friendly opt-out procedures. For more information, see the EPIC Gramm-Leach-Bliley Page. (Mar. 29)
- Federal Court Hears National DNA Database Case. The United States Court of Appeals for the Ninth Circuit heard oral argument today in United States v. Kincade, a case concerning whether a parolee can be forced to provide a DNA sample for the FBI's vast national DNA database. EPIC has submitted a "friend of the court" brief (pdf) in the case, arguing that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. For more information, see EPIC's Genetic Privacy Page. (Mar. 23)
- NY Judge Orders Release of Abortion Records. A federal district court judge has ordered New York-Presbyterian Hospital to turn over to the Justice Department records on abortions performed there. Judges in San Francisco and Chicago have denied similar requests for records. Three simultaneous trials on the constitutionality of the Partial Birth Abortion Ban Act are scheduled for March 29 in San Francisco, New York and Omaha, Nebraska. For more information, see EPIC's Medical Privacy page. (Mar. 23)
- 9/11 Commission to Look at Antiterrorism Policy. This week the National Commission on Terrorists Attacks will hear from key administration officials at a public hearing on Counterterrorism Policy. The hearing follows recent accusations by former antiterrorism official Richard Clarke that President Bush botched antiterrorism efforts, as well as the Commission's frustration with the White House's reluctance to testify. In testimony before the Commission in December, EPIC Executive Director Marc Rotenberg emphasized the important history of privacy protection, the problems with new systems of surveillance, and the specific need to preserve Constitutional checks and balances. (Mar. 23)
- Supreme Court to Hear Compelled ID Case. On Monday the Supreme Court will hear oral argument (pdf) in Hiibel v. Sixth Judicial District Court of Nevada, a case in which the Court will determine whether an individual may refuse to identify himself to police when there is no probable cause to arrest. EPIC has filed a "friend of the court" brief (pdf) in the case. A decision is expected this spring. For more information, see EPIC's Hiibel v. Nevada page. (Mar. 19)
- EPIC Testifies on CAPPS II Profiling System. In testimony (pdf) today before the House Aviation Subcommittee, EPIC General Counsel David Sobel said there is reason to doubt whether the CAPPS II passenger profiling system can ever function in a manner that protects privacy and provides citizens with basic due process rights. Sobel cited recent General Accounting Office findings (pdf) that serious privacy problems in the system have not yet been addressed. See EPIC's Passenger Profiling page for background information. (Mar. 17)
- EPIC's Open Government Work Recognized With Madison Award. The American Library Association today presented its annual James Madison Award to EPIC General Counsel David Sobel. The ALA cited EPIC's use of the Freedom of Information Act to make public government records concerning the FBI's Carnivore surveillance system and disclosures of airline passenger data. The James Madison Award honors "those who have championed, protected, and promoted public access to government information and the public's right to know." See EPIC's new 2004 FOIA Gallery for highlights of the past year's FOIA disclosures. (Mar. 16)
- DC Council Unveils DC Police's Spying Practices. The D.C. Council's Judiciary Committee has approved a report recommending legislation to restrict the Metropolitan Police Department's surveillance of political organizations and preemptive arrests of protesters. This report, the result of a 9-month investigation into MPD's handling of recent demonstrations, reveals that the police used undercover officers to infiltrate political groups not suspected of any criminal activity, and repeatedly violated its own rules for handling demonstrations including crowd control and mass arrests. For additional information, see EPIC's Video Surveillance and Protester Privacy pages. (Mar. 16)
- DOJ Ends Efforts to Obtain Medical Records. The Department of Justice has dropped its efforts to obtain medical records from Planned Parenthood clinics after US District Court Judge Phyllis J. Hamilton denied the motion to compel production of the records. DOJ claimed that the medical records were necessary for its defense in a suit brought by several abortion providers alleging that the Partial Birth Abortion Ban Act of 2003 is unconstitutional. The judge agreed with the privacy advocates who opposed the release of records, even with the patients' names removed, because the release would violate the privacy of the women involved. For additional information, see the EPIC Medical Privacy Page. (Mar. 11)
- EPIC Supports IPv6 Deployment. EPIC has filed comments (pdf) with the Department of Commerce urging the deployment and use of strong privacy protecting technologies in IPv6, the protocol designed to replace the current network protocol used on the Internet. EPIC recommended that all IPv6 vendors make privacy and security enhancing features such as encryption standard. EPIC also said that the privacy and security features within IPv6 should not be compromised with vulnerabilities by the application of the Communications Assistance to Law Enforcement Act, which would threaten both the security of network communications and the stability of the network architecture. (Mar. 9)
- EPIC Replies to Northwest's Defense of Privacy Policy Breach. EPIC has filed a reply (pdf) to Northwest Airlines' attempt to justify (pdf) its unlawful disclosure of millions of passenger records to the federal government. EPIC pointed out that Northwest did not tell passengers that it would disclose personal information to the government without the knowledge or consent of those passengers, despite the fact that the airline specifically mentioned other uses of passenger information in its privacy policy. EPIC also noted that after JetBlue Airways disclosed passenger information to a Defense Department contractor, a spokesman for Northwest and the airline's CEO assured the public that Northwest would not make such disclosures. For more information, see EPIC's page on the Northwest disclosure. (Mar. 9)
- Northwest Defends Breach of Privacy Policy. In reply to a complaint filed by EPIC, Northwest Airlines has attempted to defend (pdf) its disclosure of millions of passenger records to NASA in violation of the airline's publicly posted privacy policy. Northwest claims that September 11 diminished "whatever minimal expectation of privacy in air travel [that] existed before." In January EPIC filed a complaint (pdf) with the Department of Transportation, arguing that the airline engaged in an unfair and deceptive practice when it disclosed passenger records to the federal government. A recent report (pdf) on a similar disclosure by JetBlue suggested that the federal Privacy Act was violated. For more information, see EPIC's page on the Northwest disclosure. (Mar. 3)
- EPIC Files Brief in National DNA Database Case. EPIC has filed an amicus brief (pdf) in United States v. Kincade, a Ninth Circuit case concerning whether a parolee can be forced to provide a DNA sample for the FBI's vast national DNA database. EPIC argues that the search violates the Fourth Amendment. The EPIC brief notes that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. For more information, see the EPIC Genetic Privacy Page. (Mar. 1)
- EPIC Appeals USA PATRIOT Act Lobbying Case. EPIC has asked a federal appeals court to review a lower court's refusal (pdf) to expedite the processing of a Freedom of Information Act request (pdf) seeking information about efforts of federal prosecutors to oppose legislative revisions to the controversial USA PATRIOT Act. EPIC argues that it is entitled to expedited processing because there was, at the time of the request, an urgency to inform the public about the matter. EPIC also argues that the prosecutors' activities were a matter of widespread and exceptional media interest and raised questions about the government's integrity -- the standard for expediting FOIA requests. For more information about the case, see the EPIC v. DOJ Page. (Feb. 26)
- Supreme Court Requires Actual Harm for Privacy Act Damages. The Supreme Court has ruled (pdf) in a 6-3 decision in Doe v. Chao that an individual must prove he has suffered actual harm before he can receive a $1,000 minimum statutory award when the government wrongfully discloses his Social Security Number. EPIC, along with a coalition of civil liberties organizations and technical and legal experts, filed a friend of the court brief (pdf) in the case, arguing that the Privacy Act provides damages for those who suffer "adverse effects," though no actual harm. For more information about the case, see the EPIC Doe v. Chao Page. (Feb. 24)
- EPIC Demands Accuracy for FBI Database. EPIC has sent a letter (pdf) to the Office of Management and Budget urging the reinstatement of accuracy requirements for the NCIC, the nation's largest criminal record database. Last year the FBI announced it would no longer follow Privacy Act obligations for record accuracy. More than eighty organizations have urged the OMB to reverse the FBI proposal. The OMB has yet to act. For more information, see the EPIC NCIC Page. (Feb. 20)
- Homeland Security Privacy Office Releases JetBlue Report. The Department of Homeland Security's Chief Privacy Office has released a report (pdf) criticizing the Transportation Security Administration's role in the controversial transfer of JetBlue passenger information to Defense Department contractor Torch Concepts for use in a data mining study. The report finds that "The TSA employees involved acted without appropriate regard for individual privacy interests or the spirit of the Privacy Act of 1974." In September, EPIC submitted a complaint to the Federal Trade Commission alleging that JetBlue and data broker Acxiom committed unfair and deceptive trade practices by disclosing personal information to Torch Concepts in violation of their publicly posted privacy policies. The complaint is still pending. (Feb. 20)
- Secret Data Collection Begins at Homeland Security. The Department of Homeland Security has begun the Protected Critical Infrastructure Information Program to gather data from the private sector on infrastructure vulnerabilities in the United States. The information will be withheld from the public under a controversial exemption to the Freedom of Information Act. For more information, see the EPIC Critical Infrastructure Protection Page. (Feb. 20)
- EPIC Testifies on Medical Privacy and Banking. In testimony before the National Committee on Vital and Health Statistics, the official advisory body to the Secretary of Health and Human Services, EPIC Senior Fellow Anna Slomovic discussed the need to improve protection for health information as it moves through the banking system. She stated that banks should not be exempt from the requirements of the HIPAA Privacy Rule and that health information flowing through the banking transaction network should be encrypted. For more information, see the EPIC Medical Privacy Page. (Feb. 19)
- Court Upholds Vermont Opt-In Insurance Privacy Law. A Vermont Superior Court has upheld (pdf) a state law that requires insurance companies to obtain opt-in consent before disclosing their customers' personal information to third parties. Vermont's opt-in standard is stronger than federal protections for privacy, and was designed to address the problem presented by "financial companies as high volume traffickers of consumers' intimate, personal information" For more information, see the EPIC Gramm-Leach-Bliley Page. (Feb. 18)
- Court Upholds Do-Not-Call Registry. The U.S. Court of Appeals for the Tenth Circuit has upheld (pdf) the Federal Trade Commission Do-Not-Call Registry against a legal challenge brought by telemarketers. The decision allows the continued operation of the list, allows the government to levy fees on telemarketers for its operation, and recognizes that the FTC has the authority to create and operate the list. For more information, see the EPIC Telemarketing and Do-Not-Call Timeline Pages. (Feb. 17)
- Court Denies Justice Dept. Request for Medical Info. A federal court has quashed (pdf) a Justice Department subpoena seeking medical records of forty women who received late-term abortions at an Illinois hospital, citing the Health Insurance Portability and Accountability Act and state medical privacy law. For more information, see EPIC's Medical Privacy Page. (Feb. 12)
- GAO Report Casts Doubt on Future of Air Profiling System. A General Accounting Office report to Congress (pdf) finds that the Transportation Security Administration has failed to resolve seven of eight specific concerns raised by the controversial Computer Assisted Passenger Prescreening System, putting the program's future in doubt. The report also finds that TSA has failed to provide an "assurance that the system will fully comply with the Privacy Act." In September Congress blocked deployment of the program until the GAO could certify that, among other things, CAPPS II is accurate and ensures privacy, that safeguards exist to reduce the likelihood of abuse, and that a redress process exists for passengers who are mistakenly identified as threats. In related news, twenty-five members of Congress have sent a letter to President Bush urging "the adoption of a specific policy that makes clear the role of airlines in sharing consumer information with the federal government." For more information, see EPIC's Passenger Profiling Page. (Feb. 12)
- FBI Asks FCC to Delay Making VoIP Rules. The FBI recently asked the Federal Communications Commission to put off making rules to regulate Voice Over Internet Protocol (VoIP), a technology that allows Internet users to make phone calls over high-speed Internet connections, until the FCC addresses how VoIP communications can be monitored by law enforcement. In December, EPIC sent a letter to the FCC urging the agency to adopt privacy protections for VoIP. For more information, see EPIC's VoIP Page. (Feb. 5)
- Pentagon Scraps Internet Voting Project. Because of security concerns, the Pentagon has decided not to use the Secure Electronic Registration and Voting Experiment (SERVE), an Internet-based voting system designed to let U.S. citizens vote from overseas in the fall 2004 general election. Just days ago a peer review study reported "fundamental" security flaws in SERVE, and recommended that the system not be used in any election. For more information, see the EPIC Voting Page. (Feb. 5)
- DARPA Discussed Acxiom As TIA Data Source. A document (pdf) obtained by EPIC under the Freedom of Information Act shows internal communications among Defense Advanced Research Project Agency employees considering data broker Acxiom as a supplier of personal information for Total Information Awareness. A senior Acxiom official offered to help the agency with TIA, and suggested methods to avoid public scrutiny of the transfer of data from the company to the government. For more information, see the EPIC TIA Page. (Feb. 5)
- NJ Court Heightens Protections for Financial Info. A New Jersey Appeals Court has issued a decision (pdf) that provides stronger protection for financial records than is currently specified under federal law. In order to obtain financial records, the State now will have to obtain a search warrant or a grand jury subpoena and notify the target of the investigation. For more information, see the EPIC Right to Financial Privacy Page. (Feb. 5)
- Bush Requests Increased Funding for CAPPS II. In the fiscal year 2005 budget request, the Bush administration has proposed that $60 million be allotted for the Computer Assisted Passenger Prescreening System, known as CAPPS II, in 2005. The administration requested $45 million for fiscal year 2004. Additional funding for CAPPS II will depend on the results of a congressionally mandated study of the program's privacy implications, which is expected from the General Accounting Office on February 15. For more information about CAPPS II, see the EPIC Passenger Profiling Page. (Feb. 4)
- Bush Proposes $2.2 Billion for Justice Dept. IT. The Bush administration has proposed that the Justice Department be given $2.2 billion for information technology programs in fiscal year 2005, which would be a 6 percent increase in the agency's overall budget from fiscal year 2004. $34 million is slated to go toward the integration of fingerprint systems maintained by the FBI and former INS. A combined $64.5 has been requested for the Terrorist Screening Center, which will consolidate existing terrorist watch lists, and the Terrorist Threat Integration Center, which will allow law enforcement and the Department of Homeland Security to share information in terrorism investigations. (Feb. 4)
- Personal Info Toolkit Launched. The SWIPE Project has introduced a Data Toolkit, a collection of web-based tools that sheds light on personal data collection and usage practices in the United States. With the tools on the site, one can decode barcodes on licenses, request personal information files from data brokers, and use a "data calculator" to see how much personal information is worth on the market. For more information, see the EPIC Profiling Page. (Feb. 3)
- Doc's Show Source Code Sharing Arrangement. Presentations (2.2 MB pdf) and contract information (1.2 MB pdf) obtained under the Freedom of Information Act describe Microsoft's "Governmental Security Program." The program gives government access to Microsoft source code, which is currently closed to individual computer users. For more information, see the EPIC Palladium Page. (Feb. 2)
- Auditor: MD Voting Machines Vulnerable. An independent audit (2MB pdf; Appendix, 1.5 MB pdf) has found vulnerabilities in Maryland's electronic voting machines, which are made by Diebold. The investigation was ordered by Maryland Legislators and follows a July 2003 report (pdf) by Johns Hopkins and Rice University researchers, and a September 2003 report by SAIC. For more information, see the EPIC Voting Page. (Jan. 30)
- CAPPS Director Questioned About Passenger Profiling. Admiral Loy was questioned before a hearing of the National Commission on Terrorist Attacks on the United States about the operation of the Computer Assisted Passenger Profiling System. Loy acknowledged that 14.5% of all passenger are currently designated as "selectees" and that CAPPS is "gameable" and can be compromised. Statement of Admiral Loy. More at the EPIC Passenger Profiling page and the EPIC EU-US Airline Passenger page. (Jan. 28)
- IRS Backs Off Plan to Track E-Filers. The IRS has announced that it will not require software companies to flag individuals who electronically file their tax returns. The announcement reverses the agency's earlier decision to force private companies that produce tax preparation programs to flag certain users of the IRS Free File program. The program allows certain taxpayers, including elderly, young, and low-income individuals, to file their taxes for free online. For more information about taxpayer privacy, see EPIC's IRS Page. (Jan. 27)
- EPIC Sues NASA for Passenger Info Disclosure Records. EPIC has filed a Freedom of Information Act suit (pdf) against the National Aeronautics and Space Administration (NASA) seeking more information about Northwest Airlines' disclosure of passenger information to the agency. EPIC recently obtained documents revealing that the airline disclosed millions of passenger records to NASA for use in data mining and passenger profiling research. For more information, see EPIC's page on the Northwest disclosure. (Jan. 22)
- EPIC Files Privacy Complaint Against Northwest Airlines. In a complaint (pdf) filed with the U.S. Department of Transportation, EPIC alleges that Northwest Airlines engaged in an unfair and deceptive practice when it disclosed millions of passenger records to the federal government. The complaint requests a DOT investigation and the imposition of appropriate sanctions. See EPIC's page on the Northwest disclosure for additional information. (Jan. 20)
- EPIC FOIA Request Reveals that Northwest Gave NASA Info on Millions of Passengers. Documents obtained by EPIC under the Freedom of Information Act reveal that Northwest Airlines, in violation of its stated privacy policy, released records concerning millions of airline passengers to the National Aeronautics and Space Administration. The information was used in support of research into government data mining and screening systems. NASA retained the data for almost two years, and returned it to the airline only after the public outcry over a similar improper disclosure by JetBlue. See EPIC's press release for more information and links to relevant NASA documents. (Jan. 18)
- EPIC Urges Support for ID Theft Victims. EPIC and over a dozen consumer protection groups sent a letter (pdf) to the State Attorneys General urging them to accept identity theft affidavits. Acceptance of the affidavits allows identity theft victims to exercise important rights under the Fair Credit Reporting Act. For more information, see the EPIC FCRA Page. (Jan. 16)
- Supreme Court Schedules Argument in Hiibel ID Case. The Supreme Court has announced (pdf) that it will hear oral argument in Hiibel v. Nevada on March 22, 2004. This case presents an important opportunity for the Court to determine whether an individual may refuse to identify himself to police when there is no probable cause to arrest. EPIC has filed a "friend of the court" brief in the case. A decision is expected this spring. For more information, see EPIC's Hiibel v. Nevada page. (Jan. 16)
- High Court Okays Investigative Checkpoint Stops. The Supreme Court has held that police roadblocks are permissible when their purpose is to seek information about criminal activity. A man had challenged the police's ability to set up roadblocks when he was arrested for intoxication while stopped at a roadblock created to gather tips about a recent hit-and-run. The case, Illinois v. Lidster, is the latest development in the legal status of checkpoints. In 2000, the Court held that roadblocks for drug searches violated motorists' Fourth Amendment right of privacy. (Jan. 14)
- Supreme Court Won't Hear Challenge to Unprecedented Secrecy. The Supreme Court has refused to hear a challenge to the government's refusal to release the names of more than 700 individuals who were detained after the September 11 terrorist attacks, most of whom have been since deported. The case, Center for National Security, et al. v. Department of Justice, was brought by several plaintiffs, including EPIC, when the government refused to release the identities in response to a Freedom of Information Act request submitted by a broad coalition of civil liberties and human rights groups. (Jan. 14)
- EPIC Urges Privacy Protections for US-VISIT. EPIC has filed comments (pdf) in response to the Department of Homeland Security's announcement that it will collect biometric and biographic information in the Arrival Departure Information System (ADIS). ADIS is one of at least twenty existing information systems used by US-VISIT, the vast new program that tracks the travel of foreign nationals to and from the United States. EPIC argued that ADIS should not be exempt from Privacy Act requirements, and urged DHS to reduce a proposed 100-year data retention period and comply with international privacy standards. (Jan. 12)
- US-VISIT Privacy Impact Assessment Released, Questions Remain. The Department of Homeland Security has released a Privacy Impact Assessment (pdf) for the United States Visitor and Immigrant Status Indicator Technology, a massive new tracking system that will record biographic, biometric, and travel information of 28 million foreign visitors to the United States each year. The system was launched yesterday in U.S. airports and seaports. Questions remain about the system's data accuracy, redress procedures, and potential expansion for other uses. (Jan. 6)
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.