The U.S. Government Accountability Office has released a key report about privacy and discrimination risks posed by the commercial use of facial recognition. The GAO completed the report in response to research showing the disparate impact the technology has on minorities, including a National institute of Science and Technology study which found that facial recognition systems misidentify Black women at disproportionately high rates. The GAO report finds that, despite improvements in facial recognition technology, "differences in performance exist for certain demographic groups." The GAO report reiterates the office’s 2013 recommendation urging Congress to update the federal consumer privacy framework to reflect changes in technology. EPIC advocates for a comprehensive federal privacy law and has called for a moratorium on face surveillance.
The D.C. Circuit has ruled that it lacks jurisdiction to hear the appeal of CareFirst customers whose data was stolen in a 2014 data breach. The lower court in Attias v. CareFirst dismissed most of the plaintiffs and claims in the case for failure to allege damages and certified the dismissed claims for appeal. The D.C. Circuit determined that some of the claims could not be appealed until the remaining claims were resolved by the lower court, and it was not clear whether the district court judge intended to certify the claims of the dismissed plaintiffs alone. The decision comes over a year after the parties briefed the substantive questions on appeal. EPIC filed an amicus brief that urged the court to impose a duty of reasonable data protection on businesses to ensure that companies protect the personal data they collect. EPIC also filed an amicus brief in the case the last time it was in the D.C. Circuit on a challenge to consumer standing. The D.C. Circuit held that the CareFirst consumers had standing to sue for the data breach.
Through a Public Information Act request to the Texas Department of Public Safety, EPIC obtained records about the department's use of two Pilatus surveillance planes, including videos recorded during the George Floyd protests. Reports have indicated that these planes, purchased by the state for border operations, were used to surveil cities hundreds of miles from the border. EPIC obtained flight logs from January 1, 2018 to June 15, 2020, plane technical specifications and the department's video retention policy. The flight logs revealed that the surveillance planes flew an average of one flight per day between May 25 to June 15, 2020, with a total of 103 hours of total flight time. In over ninety percent of these flights, the planes recorded no video. The planes reportedly cost an average of $474 an hour to fly, and the Texas DPS spent roughly $49,000 to record three videos over the three-week span. The Texas DPS withheld three videos recorded between May 25 to June 15, 2020, during the height of the George Floyd protests, despite its video retention policy stating that "all retained video copies...will be subject to open records requests." EPIC has long highlighted the privacy and civil liberties implications of aerial surveillance technology and has called on Congress to "establish drone privacy safeguards that limit the risk of public surveillance."
