Previous EPIC Top News

PREVIOUS TOP NEWS
2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998
2008

Wiretaps Up by 20 Percent in 2007.According to the 2007 Wiretap report, federal and state courts issued 2,208 orders for the interception of wire, oral or electronic communications in 2007, compared to 1,839 in 2006. (Press release.) As in 2006, no applications for wiretap authorizations were denied by either state or federal courts. The total number of authorized wiretaps has grown in each of the five past calendar years, beginning in 2003. The 2007 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act of 1978 or interceptions initiated by the President outside the exclusive authority of the federal wiretap law and the FISA. See EPIC Wiretapping page. (Apr. 30).

EPIC Urges Commission to Impose Civil Penalties in Data Breach Settlements. Today, EPIC filed comments with the Federal Trade Commission urging the FTC to include civil penalties in settlements with TJX, Reed Elsevier, and Seisint. The FTC recently concluded investigations of the companies' weak security policies, and reached preliminary settlements that would impose security and audit responsibilities, but no financial penalties. The FTC's investigations arose from the companies' unrelated 2004-2005 data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in alleged financial fraud. EPIC noted that civil penalties were necessary to provide incentives for companies to better safeguard personal consumer data in the future, and observed that the FTC imposed $10 million in civil penalties in the Choicepoint case. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions page. (Apr. 28)

Supreme Court Upholds Voter ID Law. The U.S. Supreme Court today struck down a challenge to a voter ID law in Indiana. In 6-3 opinion (pdf), the majority said the state interests “are both neutral and sufficiently strong to require us to reject petitioners’ facial attack on the statute,” and the burden imposed on v oters was “minimal and justified.” Justice Souter wrote in dissent, “this statute imposes a disproportionate burden upon those without” government-issued photo IDs. EPIC had submitted a brief (pdf) detailing problems with the law. "Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state's voter ID system is imperfect, and relies on a flawed federal identification system." See EPIC pages on Crawford v. Marion County and Voter Privacy. (Apr. 28)

EPIC Testifies Before the Election Commission on New Voting Guidelines. EPIC Associate Director Lillie Coney testified before the Election Assistance Commission on the 2007 Voting System Guidelines. EPIC urged the Commission to "offer clear and effective guidance to states on issues of functional capability, hardware, software, telecommunication, security, quality assurance, and configuration of voting systems." The Commission is nearing the end of the second voting guidelines drafting process. For more information on the voting project, see EPIC's Voting Privacy page and the National Committee for Voting Integrity. (Apr. 24).

U.S. Senate Approves Genetic Privacy Legislation. The U.S. Senate today passed Genetic Information Nondiscrimination Act. The bill, which passed the Senate in 2003 but died in the House, was reintroduced on January 16. The genetic privacy bill addresses the risk that advances in genetics open new opportunities for medical progress and will also give rise to the potential misuse of genetic data to discriminate. The bill seeks to establish a national standard to prohibit genetic discrimination by health insurance providers and employers. Under the bill, these entities cannot require genetic testing, cannot determine premiums or eligibility for insurance or employment based on genetic information, and are limited in their collection and use of genetic data. The bill now goes back to the House; President Bush has said he supports the legislation. See EPIC's page on Genetic Privacy. (Apr. 24)

NJ Supreme Court: Subscribers Have Privacy Right In Their Internet Data. In a 7-0 ruling (pdf) today, the New Jersey Supreme Court upheld a lower court ruling (pdf) and found that Internet service providers must protect user information and a valid subpoena is needed before the providers can disclose private data about subscribers. “We now hold that citizens have a reasonable expectation of privacy, protected by Article I, Paragraph 7, of the New Jersey Constitution, in the subscriber information they provide to Internet service providers – just as New Jersey citizens have a privacy interest in their bank records stored by banks and telephone billing records kept by phone companies,” the court ruled. Last year, EPIC joined five groups in filing a "friend of the court" brief (pdf) to the NJ Supreme Court in New Jersey v. Reid. In their brief, the groups explained, "This case raises far-reaching questions about the scope of privacy protection in the electronic environment," especially because subscriber information "can reveal substantially more about an individual than, for example, the phone numbers she dials." (Apr. 21)

EPIC Seeks Documents About Federal Influence on Fusion Center Transparency and Privacy.EPIC filed an open government request (pdf) with the Texas Department of Public Safety today. EPIC's request seeks documents about the federal government's role in the Texas Fusion Center's transparency and privacy policies. The White House's official position (pdf) requires fusion centers to respect state open government and privacy laws. However, EPIC recently obtained documents (pdf), through FOI litigation, that reveal federal involvement in limiting Virginia's open government and privacy protections. For more information, see EPIC's Fusion Center page and EPIC's EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill page. (Apr. 18)

International Privacy Officials Recommend Social Networking Privacy Safeguards. The International Working Group On Data Protection in Telecommunications has released a report and guidance (pdf) on privacy in social networking services. The report identifies risks to privacy and security, and provides guidance to regulators, service operators and users to counter these risks. Risks include the large amount of data collection; the misuse of profile data by third parties; insecure infrastructure and application programming interfaces. Regulators should ensure openness, and oblige data breach notification. Providers must be transparent; live up to promises made to users; and use privacy friendly defaults. Privacy and consumer groups are also recommended to raise the awareness of regulators, providers and the general public. For more information, see EPIC pages on Social Networking and Facebook Privacy. (Apr. 17)

Senate Subcommittee Questions Officials Regarding Fusion Centers.Today, the Senate Subcommittee on State, Local, and Private Sector Preparedness and Integration held a hearing on "fusion centers" - intelligence databases that collect information on ordinary citizens. The Subcommittee questioned federal and state officials about fusion center progress, and witnesses testified regarding fusion center funding, development, and civil liberties issues. EPIC previously wrote to the Subcommittee about the impact of fusion centers on state open government and privacy laws. Through Freedom of Information Act litigation, EPIC is investigating the role of federal agencies in exempting fusion centers from state open government and privacy laws. For more information, see EPIC's Fusion Center page and EPIC's EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill page. (Apr. 17)

EPIC Urges Strong Consumer Protections in RFID Legislation in New Hampshire. In response to a request from the New Hampshire Senate, EPIC today expressed support (pdf) for HB 686, concerning radio frequency identification (RFID) technology. "The legislation would establish important safeguards for New Hampshire residents including: (1) penalties for illegal use of RFID technology; (2) a private right of action for individuals; (3) restrictions on the use of RFID technology by the State of New Hampshire with few exceptions; (4) prohibitions on electronic tracking of individuals without a valid court order or consent; and (5) prohibitions against forced implantation of RFID devices in humans." EPIC also recommended the NH Senate "also (1) address unique identifiers linked to databases containing personally identifiable information, and (2) label RFID readers and interrogators, as well as RFID tags and products containing tags." See EPIC's page on RFID. (Apr. 14)

Alaska Joins Other States in Rejecting REAL ID System. Just two weeks after DHS granted all 56 states and territories extensions that would allow state licenses and ID cards to remain “valid for federal purposes” past May 11, 2008, Alaska has passed legislation against the REAL ID national identification scheme. SB 202 (pdf) states, "A state agency may not expend funds solely for the purpose of implementing or aiding in the implementation of, the requirements of the federal Real ID Act of 2005." DHS has said it “made extensions available for states that needed additional time to come into compliance, or to complete ongoing security measures,” implying that states that received extensions had agreed to implement the national identification system. However, Alaska is one of several states that has declared unequivocally that it will not implement the REAL ID scheme. See EPIC's page on National ID Cards and the REAL ID Act. (Apr. 11)

EPIC Obtains Documents Revealing Federal Role In State Fusion Center Secrecy. Pursuant to a Freedom of Information Act lawsuit, EPIC has obtained a Memorandum of Understanding between the FBI and the Virginia State Police that limits the state's open government law. The agreement requires the state agency to comply with federal regulations that restrict the disclosure of public records about the Virginia Fusion Center that would otherwise be available to the public. But many other documents that EPIC is seeking about the fusion center and communications between the State Police and federal agencies have not yet been disclosed. At a hearing today in Richmond, a District Court judge required the State Police to produce all records that EPIC has sought by Monday, April 14. The Virginia Governor is currently considering a bill that would limit the state's open government and privacy laws for the Virginia Fusion Center. For more information, see EPIC v. Virginia Department of State Police. (Apr. 9)

European Privacy Officials: Privacy Rules Apply to Search Engines. European privacy officials have established "a clear set of responsibilities" on search engine companies regarding their handling of user data. The opinion, issued by the Article 29 Working Group, states that the European Union Data Protection Directive requires search engines to "delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose" for which they were collected. This requirement has particular significance for search engines, because European privacy rules classify Internet Protocol (IP) addresses as "personal data." The opinion further holds that European privacy laws generally apply to search engines "even when their headquarters are outside [Europe]," and requires that search engines must delete personal data within six months of collection. Earlier this year, EPIC urged the European Parliament to protect the privacy of search histories. For more information, see EPIC's Search Engine Privacy page. (Apr. 7)

EPIC Urges Senate Committee to Press FTC on Consumer Privacy and FOIA Obligations, Proposes Budget Cut for Agency.Today, EPIC asked the Senate Commerce Committee to press the Federal Trade Commission on the Commission's failure to adequately protect consumer privacy and failure to operate transparently. EPIC highlighted the Commission's failure to require privacy safeguards as a condition of the recent Google-Doubleclick merger. EPIC also detailed the FTC's handling of FTC Chairman Deborah Platt Majoras’ apparent conflict of interest in the merger review, and noted that the FTC has failed to disclose records relating to Jones Day's involvement in the merger review. The Senate Commerce Committee will hold hearings regarding the Commission's reauthorization on April 8, 2008. EPIC urged the Committee to cut the Commission's budget by 5% based on the Commission's lack of commitment to consumer privacy and open government. For more information, see EPIC's page on Privacy? Proposed Google/Doubleclick Deal. (Apr.7)

Congress Holds First Hearing on Online Virtual Worlds, Simulcast in Second Life. The House Commerce Committee held a hearing today on "Online Virtual Worlds: Applications and Avatars in a User-Generated Medium." It was the first simulcast of a Congressional hearing in a virtual world. In the Chairman's Opening Statement, Rep. Ed Markey (D-MA) described the hearing as "both a glimpse into the future and a window into the current reality of millions of people across the world." The most recent edition of the EPIC Privacy and Human Rights report contains a "country report" on Second Life. (Apr. 1)

DHS Hits Roadblocks In Demanding State Implementation of REAL ID System. Several states are rejecting the Department of Homeland Security’s REAL ID program, which would create a national identification system. States have until March 31 to ask the agency for an extension that would allow state licenses and ID cards to remain “valid for federal purposes.” Four states (Maine, Montana, New Hampshire and South Carolina) have expressly rejected the system and none asked for an extension. DHS has given Montana an extension, though the governor said (pdf) the state would never implement REAL ID. California (pdf) is among the states that requested an extension but said it did not agree to implement the national identification system. The REAL ID proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates, and security experts (pdf). EPIC has called the scheme "a real danger to security and civil rights." See EPIC’s page on National ID Cards and the REAL ID Act. (Mar. 24)

EPIC Sues to Compel Disclosure of Documents About Federal Role in Virginia Secrecy Bill. Today, EPIC filed a Virginia Freedom of Information Act lawsuit (pdf) challenging the Virginia State Police's failure to make public documents relating to the role of federal agencies in recent legislative efforts to limit the state's open government and privacy laws for "fusion centers." These intelligence databases collect information on ordinary citizens and have raised substantial privacy concerns. Press reports and statements from Virginia officials have raised questions about federal involvement in the Virginia legislation. The lawsuit follows EPIC's original requests (pdf). For more information, see EPIC's page Information Fusion Centers and Privacy. (Mar. 21)

UPDATE - Clinton, McCain, Obama Privacy Breached - Contractors Accessed Passport Files. The State Department has determined that three private contractors accessed the confidential passport file of Presidential candidates Hillary Clinton, John McCain, and Barack Obama. The FBI has opened an investigation. Government records are protected under the Privacy Act of 1974. Additional safeguards are in place for prominent persons, but Privacy Act enforcement across the federal government remains low and agencies frequently claim exemptions. Senator Clinton has also proposed a Privacy Bill of Rights to update the law and improve enforcement. (Mar. 21)

EPIC Urges Alaska Senate to Protect Consumers From RFID Misuse In testimony (pdf) to the Alaska Senate Judiciary Committee today, EPIC Senior Counsel Melissa Ngo supported Alaska’s SB 293, which included prohibitions against unauthorized scanning and reading of RFID tags and against allowing RFID technology users’ to require continued activation of RFID tags in order for consumers “to exchange, return, repair, or service an item that” contain RFID tags. However, EPIC recommended four changes to the bill: “(1) including regulations on the use of unique identifiers and the profiles that can be created; (2) including an enforcement provision with a private right of action; (3) stronger provisions on deactivation of tags, including the possibility of permanent deactivation; and (4) clearly and prominently labeling RFID readers or transponders.” These additions would strengthen protections for consumers against misuse or abuse of data collected through RFID tags. See EPIC’s page on RFID Systems. (Mar. 17)

Inspector General Finds Continuing Abuses of Patriot Act Powers For the fourth consecutive year, the Inspector General found (pdf) privacy breaches by FBI agents using National Security Letters, which permit the FBI to compel the disclosure of records held by banks, telephone companies, and others without judicial oversight. A second report (pdf) found abuses of Patriot Act Section 215 orders that allow the FBI to demand business records and other "tangible things" from any company or individual. "[W]e found that the FBI had issued [NSLs] for information about [redacted] after the FISA court, citing First Amendment concerns, had twice declined to sign Section 215 orders in the same investigation," the Inspector General said. Sen. Patrick Leahy, Chairman of the Judiciary Committee, plans an oversight hearing. "Legislative action may be necessary to correct these abuses. I intend to seek accountability and advertence to the rule of law," he said. EPIC has recommended (pdf) reforms to the NSL authority. See EPIC's page on National Security Letters. (Mar. 14)

EPIC Sues Trade Commission to Compel Disclosure of Documents Concerning Jones Day's Role in US Doubleclick Merger Review. Today, EPIC filed a Freedom of Information Act lawsuit (pdf) challenging the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The lawsuit follows EPIC's original request (pdf) and subsequent administrative appeal (pdf). During the FTC merger review, Jones Day publicly stated that it represented Doubleclick (pdf). After EPIC learned that Chairman Majoras’ spouse is a Jones Day partner, EPIC moved for the recusal of the FTC Chairman, and emphasized that recusal had occurred in other similar matters involving conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the Google-Doubleclick review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. (Mar. 14)

EPIC Opposes Expanded Camera Surveillance of DC Residents. In a statement to the DC Council, EPIC urged (pdf) a careful evaluation of the cost and effectiveness of camera surveillance systems. Council members are debating a bill that would require all gas station owners in the District to purchase and install camera systems. However, no studies have shown a significant drop in violent crime when camera systems are used. The Metropolitan Police Department has suggested a drop in crime in some parts of the city, but Council member Mary Cheh noted that MPD did not analyze whether the crimes were merely displaced to other areas of the city. As for helping to solve crimes, in the MPD's annual report (pdf) on cameras, police showed no convictions and a handful of arrests based on evidence from the 73 cameras throughout the District. For more information, see EPIC's page on Video Surveillance. (Mar. 11)

European Commission Approves Google-Doubleclick Merger, But European Privacy Laws Will Apply. The European Commission today approved the proposed Google-Doubleclick merger under its competition authority. Though the Commission did not consider privacy in the merger review, it did reaffirm the obligation of Google-Doubleclick to comply with European privacy laws. "The Commission's decision to clear the proposed merger is based exclusively on its appraisal under the EU Merger Regulation. It is without prejudice to the merged entity's obligations under EU legislation in relation to the protection of individuals and the protection of privacy with regard to the processing of personal data and the Member States' implementing legislation." Last year, EPIC filed a complaint (pdf) with the US Federal Trade Commission, urging the FTC to open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users. In January testimony (pdf) before the European Parliament, EPIC urged the European Commission to establish privacy safeguards as a condition of the merger. See EPIC's page on Privacy? Proposed Google/Doubleclick Deal. (Mar. 11)

EPIC Urges Investigation of "Stalker Spyware". EPIC filed a complaint with the Federal Trade Commission against several purveyors of stalker spyware. Stalker spyware products are over the counter surveillance technologies sold for individuals to spy on other individuals -- and can be used by abusers to spy on their victims. The complaint alleges that these companies engage in unfair and deceptive practices by: (1) promoting illegal surveillance by abusers of their victims; (2) promoting "Trojan Horse" email attacks; and (3) failing to warn their customers of legal dangers of misuse of stalker spyware. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and investigate other harms that stalker spyware may cause. For more information see EPIC's pages on Personal Surveillance Technologies, and Domestic Violence and Privacy. (Mar. 7)

Virginia Lawmakers Consider Fusion Center Secrecy Bill as Role of Federal Agencies Remains Unknown. Today the Virginia Senate is considering legislation that would limit the state's open government and privacy laws for "fusion centers." These intelligence databases collect information on ordinary citizens and have raised substantial privacy concerns. Press reports and statements from Virginia officials have also raised questions about federal involvement in the Virginia legislation. EPIC filed Freedom of Information Act requests with two Virginia agencies on February 12, 2008 to determine whether the Dept. of Justice or the Dept. of Homeland Security participated in the development of the legislation. Despite the expiration of the statutory deadline and the pending vote in the Virginia Assembly, the state agencies have not released a single public record in response to EPIC’s requests. For more information, see EPIC's page Information Fusion Centers and Privacy. (Feb. 26)

EC Opens Public Consultation on RFID Recommendations. The European Commission has published draft guidelines on the use radio frequency identification (RFID) technology in member countries. Among other proposals, the commission recommends RFID operators conduct privacy impact assessments before deploying the technology and immediate deactivation of RFID tags containing personal data when goods are purchased. The public is encouraged to submit comments; the deadline is April 25. A final version of the recommendations is expected in Summer 2008. EPIC has experience detailing (pdf) the privacy and security problems that can accompany use of RFID technology. See EPIC's page on RFID. (Feb. 25)

Search Histories Subject to European Privacy Rules. European privacy officials determined this week that companies operating search engines will be subject to European privacy rules that limit the collection, use, and disclosure of personal information. The privacy officials who make up the Article 29 Working Group stated that "The protection of the users' privacy and the guaranteeing of their rights, such as the right to access to their data and the right to information as provided for by the applicable data protection regulations, remain the core issues of the ongoing debate." Earlier this year, EPIC urged the European Parliament to protect the privacy of search histories. A report from the Article 29 Working Group on Search Engines and Privacy is expected in April. (Feb. 22)

Data Broker Merger Threatens Privacy. Reed-Elsevier, corporate parents of Lexis-Nexis, has made a move to acquire Choicepoint, the databroker. Consumer privacy will be seriously affected if the merger is approved without any privacy safeguards. The previous Google-Doubleclick merger involving two large databases of personal information similarly raised privacy as well as antitrust issues. Choicepoint is a large player in the commercial databroker market and has been the target of an EPIC privacy complaint and an FTC investigation and fine for the privacy harms its business practices cause. For more see EPIC's page on Choicepoint. (Feb. 21)

Facebook Eases Account Deletion, Default Third Party Information Sharing Remains. After recent criticisms, concerning the practical impossibility of deleting account information, Facebook has changed its help page on deletion. Users may now contact Facebook to request permanent deletion of their information. However, Facebook's default sharing of excess personal information with thousands of third party application developers remains. User information travels to these third parties when they or their friends add an application to their profiles. Facebook disclaims all liability from what happens to that information. For more, see EPIC's page on Facebook. (Feb. 19)

Supreme Court To Review Decision on Faulty Arrest. The US Supreme Court today agreed to consider Herring v. United States (pdf), a challenge to an arrest based on inaccurate information in a government database. The Court will decide whether to suppress the evidence obtained. In a 1995 opinion, Justice O'Connor wrote, "In recent years, we have witnessed the advent of powerful, computer-based recordkeeping systems that facilitate arrests in ways that have never before been possible. The police, of course, are entitled to enjoy the substantial advantages this technology confers. They may not, however, rely on it blindly. With the benefits of more efficient law enforcement mechanisms comes the burden of corresponding constitutional responsibilities." EPIC has also highlighted problems with inaccurate government databases in formal comments to federal agencies, as well as a 2003 online campaign urging the reestablishment of accuracy requirements for the FBI's National Crime Information Center, the nation's largest criminal justice database. For more information, see EPIC's page on Herring v. US (Feb. 19)

House Holds Fast on Privacy Law Enforcement, President's Unconstitutional Warrantless Surveillance Powers to Expire. The House of Representatives recessed yesterday, allowing the Protect America Act to expire on Saturday. That law, passed in August, expanded the warrantless surveillance powers of the President. The White House also wants legal immunity for telephone companies that participated in the warrantless surveillance program. The House last year passed the RESTORE Act, which rejected the effort to gut the federal wiretap law. After extensive White House lobbying, the Senate this week passed S. 2248 with the immunity provision, but the House said no to the White House effort to adopt the Senate bill. EPIC and other groups are suing the Department of Justice for documents on the legal justification for the warrantless surveillance program. For more, see EPIC's page on FISA. (Feb. 15)

EPIC Challenges Trade Commission's Failure to Produce Documents Concerning Jones Day's Role in US Doubleclick Merger Review. In a Freedom of Information Act appeal(pdf), EPIC challenged the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The appeal follows EPIC's original request. During the FTC review, Jones Day publicly stated that it represented Doubleclick but later denied representing Doubleclick, after EPIC learned that Chairman Majoras’ husband, John M. Majoras, is a Jones Day partner. EPIC moved for the recusal of the Chairman, and noted that recusal had occurred in other matters involving apparent conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. For more information, see EPIC's page Privacy? Proposed Google/Doubleclick Deal. (Feb. 13)

EPIC Seeks Documents About Federal Role in Effort to Limit Accountability of State "Fusion Centers". EPIC filed a Freedom of Information Act request (pdf) with the Virginia State Police today. EPIC's request seeks documents about a plan that would shroud the Virginia Fusion Center, a database that collects detailed information on ordinary citizens, in secrecy. The Virginia legislature is considering a bill that would limit Virginia's open government and privacy statutes, as well as Virginia's common law right of privacy, for Virginia agencies connected to the Fusion Center. Press Groups have criticized the proposed law, and warned that, if passed, Virginia citizens can "say hello to Big Brother." EPIC's FOIA request focuses on the possible role of the US Department of Justice and the US Department of Homeland Security in the development of the Virginia legislation. For more information, see EPIC's page Information Fusion Centers and Privacy. (Feb. 12)

EPIC, Privacy Groups Renew Call for Investigation of Ask Eraser. EPIC filed a supplemental complaint (pdf) with the Federal Trade Commission today highlighting the ongoing consumer privacy threats posed by Ask.com’s AskEraser product. The new complaint restates that Ask.com is engaging in an unfair and deceptive trade practice. Ask.com corrected one substantial problem with AskEraser following an earlier letter from EPIC, but EPIC makes clear in the new filing that Ask.com has failed to resolve the substantial threats to consumer privacy, and urges the FTC to move forward with an investigation. For more information, see the EPIC "Does Ask Eraser Really Erase?" page. (Feb. 8)

EPIC Urges Court to Assess Government Secrecy Claims in Domestic Surveillance Case. EPIC, in a joint brief (pdf) with the American Civil Liberties Union and the National Security Archive, asked a federal court to order the Department of Justice to produce legal opinions that were prepared to justify the President’s domestic surveillance program. The brief renews EPIC’s request that a federal judge review the documents held by the agency and determine whether they should be kept from the public. In December 2005, immediately after press reports uncovered the President’s surveillance program, EPIC requested the legal opinions that were prepared to justify the program. The government refused to produce many key documents, and EPIC sued under the Freedom of Information Act. (Feb. 6)

Homeland Security Agency Finally Releases Annual Privacy Report. The Department of Homeland Security has just published the 2007 Annual Privacy Report, several months after it was due. Under the Homeland Security Act of 2002, the Chief Privacy Officer must prepare "a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The first report (April 2003 to June 2004), was published in February 2005. The second report (July 2004 to July 2006) was published in December 2006. EPIC has urged the timely publication of the Annual Reports so that the Congress and the public can meaningfully evaluate the impact of the Department's programs on privacy. For more information, see EPIC's letter on the Homeland Security Privacy Report. (Feb. 4)

Security Experts Warn that Pending Surveillance Law Will Weaken US National Security. In a report that will appear in IEEE Security & Privacy, leading experts in computer security warn that legislation now under consideration in the Senate could make the United States vulnerable to attack. The paper "Risking Communications security: Potential hazards of the Protect America Act" warns that warrantless wiretapping creates creates serious security risks, including "danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents." (Jan. 30)

European High Court Protects Internet Privacy. In response to a request from the Spanish national court, the European Court of Justice ruled today that European community law does not require European countries to disclose user information in civil cases involving copyright. The high court for the European Union also ruled that European countries have no obligation to require ISPs to retain data for civil lawsuits. The case is Promusicae, C-275/06 . For more on international privacy law, see EPIC's Privacy and Human Rights report. (Jan. 29)

Europe Celebrates Privacy Day, US Intends New Internet Surveillance. The Council of Europe has designated January 28 Data Protection Day, a day to "to inform and educate the public at large as to their day-to-day rights." The Wall Street Journal reported today that US Homeland Security Secretary Michael Chertoff is seeking $6 b to expand secret surveillance of Internet communications, which would include government sensors on private, company networks. EPIC's Privacy and Human Rights reports surveys privacy developments around the globe. Privacy International recently published International Privacy Rankings for 2007. (Jan. 28)

EPIC Urges European Parliament to Act on Google-Doubleclick Merger. In testimony before the European Parliament in Brussels, EPIC President Marc Rotenberg said that the European Commission must establish privacy safeguards because the US Federal Trade Commission failed to do so (pdf) during the US merger review. Mr. Rotenberg also said that Google was beginning to reveal the characteristics of an "information monopolist" and that it was important for governments to act to preserve the rights of citizens and to safeguard competition and innovation in the information economy. For more information, see page on Privacy? Proposed Google-DoubleClick Merger. (Jan. 21)

Montana Governor Urges REAL ID Rebellion. In a letter (pdf) to the governors of 17 states, Montana Governor Brian Schweitzer asked them to band together to reject the REAL ID national identification system. "Today, I am asking you to join with me in resisting the DHS coercion to comply with the provisions of REAL ID," Gov. Schweitzer wrote. "I would like us to speak with one, unified voice and demand the Congress step in and fix this mess." On January 11, Homeland Security Secretary Michael Chertoff released the agency's final regulations for REAL ID. The proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates, and security experts (pdf). EPIC has called the scheme "a real danger to security and civil rights." See EPIC's National ID Cards and REAL ID Act page. (Jan. 21)

Consumer Privacy Coalition Files FTC Complaint Against Ask.com. EPIC and five other groups filed a complaint (pdf) with the Federal Trade Commission alleging that Ask.com is engaging in unfair and deceptive trade practices with the representations concerning AskEraser, a search service that purports to protect privacy. Among the critical points highlighted by the consumer privacy coalition: (1) users must accept an AskEraser cookie and disable a genuine privacy feature in browsers that block cookies; (2) the AskEraser cookie is a unique persistent identifier that makes it easy for Ask.com, its business partners, and the government to track the activities of AskEraser users; and (3) Ask.com will disable the search delete feature -- the central purpose of the Ask Eraser service -- without notice to the user. The complaint follows a December letter (pdf) to Ask.com describing these security and privacy problems. (Jan. 19)

EPIC Proposes Privacy Conditions for Video Surveillance. In comments (pdf) filed today with the Department of Homeland Security, EPIC detailed its "Framework for Protecting Privacy & Civil Liberties If CCTV Systems Are Contemplated." EPIC explained that it "does not support the creation nor the expansion of video surveillance systems, because their limited benefits do not outweigh their enormous monetary and social costs." EPIC's guidelines explain that (1) alternatives to CCTV are preferred; (2) there must be a demonstrated need for the system; (3) the public and privacy and security experts must be consulted before the system is created; (4) Fair Information Practices must govern any use of video surveillance; (5) there must be a privacy and civil liberties assessment; and (6) there needs to be room to create enhanced safeguards for any enhanced surveillance. EPIC's framework is based on Fair Information Practices, the Privacy Act of 1974, the 1980 OECD Privacy Guidelines, and the Video Voyeurism Act. See EPIC's page on Video Surveillance. (Jan. 15)

National Identification Plan Announced. Department of Homeland Security Secretary Michael Chertoff today released the agency's final regulations for REAL ID, the national identification system. The proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates, and security experts (pdf). The Secretary scaled back some of the requirements, reduced the cost, and extended the deadline for state compliance. However, Secretary Chertoff also indicated that the REAL ID card would be used for a wide variety of purposes, unrelated to the law that authorized the system, including employment verification and immigration determination. He also indicated that the agency would not prevent the use of the card by private parties for non-government purposes. As part of the cost-saving effort, Homeland Security has decided not to encrypt the data that will be stored on the card. Congress is considering legislation to repeal the Act. View EPIC's press release: Homeland Security Department Announces Deeply Flawed Regulations For National ID System. For more information, see EPIC's National ID Cards and REAL ID Act page. (Jan. 11)

Homeland Security Expected To Release REAL ID Regulations on Friday. EPIC has learned that the Department of Homeland Security will release the final regulations for REAL ID tomorrow at noon ET. The proposal for a federally mandated national identification system has been widely criticized. EPIC and others (pdf) have detailed security and privacy problems (pdf) with the plan. A coalition of organizations urged the Homeland Security agency to withdraw the proposal. Seventeen states formally opposed REAL ID, and Congress is considering legislation that would repeal the plan. The original deadline for implementation was 2008, but DHS has pushed it back to 2013, in part, because of public opposition. See EPIC's National ID Cards and REAL ID Act page. (Jan. 10)

Federal Appellate Court Hears Case on Prescription Data and Privacy. Today, the First Circuit Court of Appeals heard oral arguments in a case concerning a New Hampshire state law banning the sale of prescribe-identifiable prescription drug data for marketing purposes. In August, EPIC and 16 experts in privacy and technology filed a "friend of the court" brief (pdf) urging the First Circuit Court of Appeals to reverse the ruling (pdf) of the lower court, which held that the NH Prescription Confidentiality Act violated the free speech rights of data mining companies. The experts said the lower court should be reversed because there is a substantial privacy interest in de-identified patient data that the lower court failed to consider. This privacy interest, in part flows from the reality that data may not be, in fact, truly de-identified, and also because de-identified data does impact actual individuals. See EPIC's IMS Health v. Ayotte page. (Jan. 9)

EPIC Privacy Page | EPIC Home Page