EPIC Alert 24.22

1. EPIC Argues Voter Data Privacy Case Before D.C. Circuit

The U.S. Court of Appeals for the D.C. Circuit heard oral arguments last week in EPIC's case against the Presidential Election Commission concerning the unlawful collection of state voter data. EPIC has filed suit to halt the Commission's collection of state voter data and to compel the Commission to conduct a Privacy Impact Assessment required by law.

"This data, voter data, is the most sensitive data in our form of government, and we know on the record that it was also the target of a foreign adversary during the 2016 election," EPIC President Marc Rotenberg told the court during arguments. "It's actually difficult for us to imagine a case where there's a more compelling claim to undertake, complete and publish the Privacy Impact Assessment as Section 208 of the E-Government Act requires."

EPIC's initial filing in July led the Commission to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the state voter data that was unlawfully obtained. The Commission resumed collection after a lower court ruled on EPIC's emergency motion for a temporary restraining order.

Judge Douglas H. Ginsburg, one of the three members of the panel that heard EPIC's case, thanked EPIC for "pointing [ ] out to the agency" that the Commission was initially using an insecure Department of Defense server to collect sensitive voter data.

"We appreciate that," Rotenberg responded, "but you see that demonstrates on the record in this case that the concern we have is not theoretical, we're not talking about what might happen to data that is not protected under the requirements of a Privacy Impact Assessment. We can actually point to the record in this case and show what happened when the Commission collected the data. And we are still in the dark. We still don't know if the Commission has answered the questions that Section 208 requires. How will the data be used? Who will have access to it? For what purpose is it being collected?"

Many states and more than 150 members of Congress have opposed the Commission's efforts to collect voter information. The Government Accountability Office has opened an investigation to determine whether the Commission has engaged in unlawful action, and one Commission member recently filed suit against the Commission.

EPIC's appeal is EPIC v. Commission, No. 17-5171 (D.C. Cir.). A recording of oral arguments is available here, and a transcript is available here. EPIC is continuing to pursue its case against the Commission before the U.S. District Court for the District of Columbia, as well. That case is EPIC v. Commission, No. 17-1320 (D.D.C.).

2. EPIC FOIA: Rep. Ted Lieu Asks FBI to Explain Failure to Notify Russian Hacking Victims

p>In a letter to FBI director Christopher Wray, Rep. Ted Lieu (D-CA) asked the FBI to brief Congress on the agency's failure to notify victims targeted by the Russian hacking group Fancy Bear. Rep. Lieu's letter follows an Associated Press (AP) investigation which found that the FBI did not notify U.S. officials that their email accounts were compromised even though the FBI knew of the targeted cyberattacks and had primary responsibility in the federal government for notification.

EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act (FOIA) lawsuit (EPIC v. FBI) filed earlier this year. The FBI policy calls for notifying victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." Yet out of the 80 U.S. targets of the Russian hacking group that the AP interviewed, the news agency was only able to find two victims who were notified by the FBI that their personal email accounts had been affected.

"It is unacceptable that targeted U.S. officials learned about these attacks on their own accounts from news reports rather than from their own government," Rep. Lieu wrote, particularly because the same hackers were successful in compromising the DNC and Ukrainian military forces. "Failing to notify current or former U.S. officials of known cyber-attacks hampers their ability to assess and mitigate damage," Lieu added, as many hackers often collect useful data from private email accounts that can be used for future attacks.

The FBI Victim Notification Procedures, obtained by EPIC, were also the subject of a hearing earlier this year before the Senate Select Committee on Intelligence.

EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election as part of its Democracy and Cybersecurity Campaign. These FOIA cases include EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).

3. EPIC Urges Supreme Court to Steer Clear of Warrantless Vehicle Searches

EPIC has filed an amicus brief in Byrd v. United States, a case about warrantless searches of rental vehicles. The Supreme Court will consider whether a driver has a reasonable expectation of privacy in a rental vehicle when he has the renter's permission to drive the car but is not listed as an authorized driver on the rental agreement.

EPIC urged the Supreme Court to recognize that a modern car collects vast troves of personal data—much more than just the physical contents around the seats. EPIC explained that cars today "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC pointed to the routine collection of cell phone contents with a Bluetooth connection, data which is stored in the car even after "deletion." EPIC also emphasized that the status of the driver has no bearing on Fourth Amendment privacy interests. EPIC argued that "constitutional rights are still recognized despite contractual violations" like being an unauthorized driver under a rental agreement.

In the case on appeal to the Supreme Court, the federal appeals court held that the driver was not entitled to privacy protection because he was not an authorized renter. However, several other federal appeals courts have recognized that a driver need not be authorized under a rental agreement to have a legitimate expectation of privacy in the rental vehicle.

EPIC has filed extensive comments with the National Highway Traffic Safety Administration, the Federal Trade Commission and the Department of Transportation and has testified before the U.S. Congress regarding the privacy and consumer safety risks posed by connected vehicles. EPIC also routinely participates as amicus curiae in cases before the Supreme Court, such as in United States v. Jones, Riley v. California, and Florida v. Harris. Oral arguments in Byrd v. United States are scheduled for January 9, 2018.

4. EPIC Challenges Google Cookie Tracking Settlement as Unfair to Class Members

EPIC has filed an amicus brief with the Third Circuit U.S. Court of Appeals urging the Court to reject a proposed class action settlement in a consumer privacy case. The case concerns Google's tracking of Internet users in violation of the users' privacy settings. Google allegedly used cookies containing code that enabled the company to evade the cookie-blocking features of certain web browsers.

EPIC argued that the court should reject the settlement for several reasons: it mandated no change in Google's business practices, it gave no money to the class, and it wrongly awarded cy pres funds to organizations that Google has financially supported. Cy pres, the Latin term for "as near as," refers to settlement funds that are distributed to organizations in lieu of direct payments to the class members. EPIC has raised concerns about the awarding of cy pres funds to organizations that don't protect consumer privacy. EPIC has proposed an objective basis for courts to make determinations in consumer privacy cases that would protect against collusion between the parties in the settlement.

EPIC also argued that the parties misled the court during oral arguments by suggesting that there was only a "limited sphere" of organizations doing consumer privacy work. In fact, EPIC, the Center for Digital Democracy, and US PIRG were the groups that warned the FTC in 2007 that the Google-DoubleClick merger would lead to the very internet tracking practices at issue in the settlement. EPIC's 2010 FTC complaint regarding Google Buzz also led to the FTC's Consent Order with Google that enabled the Commission to pursue related charges against Google.

The settlement was opposed by the Attorneys General of thirteen states and appealed to the federal appeals court. EPIC has previously opposed class action settlements that are unfair to class members, including the settlement in Fraley v. Facebook, a case involving Facebook's use of "sponsored stories."

5. EPIC Promotes 'Algorithmic Transparency,' Urges Congress to Regulate AI Techniques

In advance of a recent hearing on "Algorithms: How Companies' Decisions About Data and Content Impact Consumers," EPIC warned a Congressional committee that many organizations now make decisions based on opaque techniques they don't understand. EPIC also emphasized to the committee that Algorithmic Transparency is critical for democratic accountability.

EPIC gave examples of algorithms being used in ways that hurt consumers, such as algorithms that deny people educational opportunities, employment, housing, insurance, and credit. EPIC also explained that the government's use of AI raises fundamental issues of fairness and accountability—for example, when algorithms are applied in the criminal justice system or when U.S. Customs and Border Protection relies on secret analytic tools to assign "risk assessments" to U.S. travelers.

At the hearing, witnesses discussed the scope of the harms caused by secret algorithms and the effectiveness of transparency as a solution. Professor and EPIC Board Member Frank Pasquale explained that black-box decision-making is dangerous because "the use of data and algorithms by large corporations will be at the core of civil rights, consumer protection, and competition policy in the 21st century." Transparency is essential to hold companies and governments accountable, Prof. Pasquale argued.

Earlier this year, EPIC filed a complaint with the FTC that challenged the secret scoring of athletes by Universal Tennis. EPIC warned that the "UTR score defines the status of young athletes in all tennis related activity; impacts opportunities for scholarship, education and employment; and may in the future provide the basis for 'social scoring' and government rating of citizens." EPIC said to the FTC that it "seeks to ensure that all rating systems concerning individuals are open, transparent and accountable." EPIC has also written to Congress and about the need to expand the FTC's authority to protect consumer privacy.

In 2015, EPIC launched an international a campaign in support of Algorithmic Transparency. At a speech to UNESCO in 2015, EPIC President Marc Rotenberg called knowledge of the algorithm "a fundamental human right."

News in Brief

EPIC v. FBI: EPIC Pursues Release of Documents on Russian Meddling

In the Freedom of Information Act lawsuit EPIC v. FBI, EPIC has filed a motion contending the FBI must release records detailing the Russian interference in the 2016 election. EPIC explained that "a year after the election the full extent of Russian interference remains unknown to the public." EPIC also said the the FBI's failure to release documents "is contrary to law and leave at risk the security of future U.S. elections." The FBI must now file a reply to EPIC's motion. EPIC v. FBI is a part of the new EPIC Democracy and Cybersecurity Project focused on preserving democratic institutions. EPIC has filed related FOIA lawsuits against the DHS, ODNI, and IRS. EPIC also recently pressed the Federal Election Commission to establish transparency for online ads. The FEC voted unanimouslyto adopt new rules.

EPIC Amicus: Ninth Circuit Holds Violation of Video Privacy Law Establishes 'Standing'

The Ninth Circuit recently issued an opinion that addressed standing—the right to bring a lawsuit—under the Video Privacy Protection Act. The court found that the law protects a "substantive right to privacy that suffers any time a video service provider discloses otherwise private information." The court stated that a "plaintiff need not allege any further harm to have standing." EPIC filed an amicus letter brief in response to the court's request for parties to discuss standing following the Supreme Court decision in Spokeo v. Robbins. EPIC urged the court to recognize that "Congress intended to protect consumers' concrete interests in the confidentiality of their video viewing records." Contrasting with the Spokeo decision concerning the Fair Credit Reporting Act, the federal appeals court agreed that the video privacy law protects a "substantive interest." EPIC regularly filesamicus briefs defending Article III standing in consumer privacy cases, and filed several amicus briefs after the Spokeo decision, including in Attias v. Carefirst, Gubala v. Time Warner Cable, and In re SuperValu Customer Data Security Breach Litigation.

EPIC to House Committee: Privacy Safeguards Apply to Personal Data Sent to Government

In advance of a hearing on "Cyber Threat Information Sharing," EPIC has sent a statement to the House Homeland Security Committee. EPIC urged the Committee to determine whether there are sufficient protections for personal data sent to government agencies. Private companies now have legal authority to transfer data to government agencies outside traditional privacy procedures following passage of the Cybersecurity Information Sharing Act. EPIC and a broad coalition warned that the law will increase monitoring of Internet users and government secrecy. EPIC urged the Congressional committee to carefully examine the "scrubbing" techniques that are intended to remove personally identifiable information before data is transferred to federal agencies.

EPIC to Congress: FAA Must Establish Drone Privacy Safeguards and ID Requirements

EPIC sent a statement to a House Committee on Transportation ahead of a hearing on drone deployment in the United States. EPIC said that "privacy rules and identification requirements" are vital for the safe integration of commercial drones in the national air space. EPIC explained that the FAA has failed to establish necessary safeguards and has purposefully ignored privacy and public safety risks. In 2015, EPIC sued the FAA, arguing that the agency failed to comply with a Congressional mandate and a petition from leading experts. EPIC also told Congress that the FAA has excluded privacy experts from the agency task force on drone policy. In October 2017, CNN reported the first drone strike on a commercial aircraft.

EPIC, Coalition Oppose Government's 'Extreme Vetting' Proposal

EPIC and a coalition of civil rights organizations have sent a letter to the Acting Secretary of Homeland Security strongly opposing the Extreme Vetting Initiative. A similar letter was sent by technical experts. The government's 'Extreme Vetting' initiative uses opaque procedures, secret profiles, and obscure data including social media post, to review visa applicants and make final determinations. EPIC has warned against both the government's use of social media data and secret algorithms to profile individuals for decision making purposes. EPIC is also pursuing a FOIA request for details on the relationship between the Immigration and Customs Enforcement agency and Palantir, a company that provides software to analyze large amounts of data.

EPIC Provides U.S. Report for Privacy Experts Meeting

EPIC has provided a comprehensive report explaining the latest developments in U.S. privacy law and policy to the International Working Group on Data Protection in Telecommunications. The Berlin-based Working Group includes Data Protection Authorities and experts, from around the world, who work together to address emerging privacy challenges. The EPIC report details legislative proposals to address privacy and security risks of automated vehicles, pending Supreme Court case concerning cell phone location tracking Carpenter v. United States, U.S. investigation of the Russian interference in the 2016 election, the Equifax data breach, and more. The 62nd meeting of the IWG took place in Paris, France on November 27-28. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.

European Court Holds Camera Surveillance of University Lecture Halls Violates Privacy

The European Court of Justice will now hear a second case on legal protections for personal data sent from Europe to the United States. Data Protection Commissioner v. Facebook considers whether Facebook's transfers of data from Ireland to the United States violate the European Charter of Fundamental Rights. The Irish High Court recently ruled this week that there are "well-founded concerns that there is an absence of an effective legal remedy in U.S. law" and referred the matter to the high court of Europe. The case in Ireland follows the landmark 2015 decision Schrems v. DPC, which found insufficient legal protections for the transfer of data to the United States. In the Irish case, Max Schrems, an Austrian privacy advocate, challenged Facebook's transfer of personal data to the U.S. under "standard contractual clauses." EPIC was designated the US NGO amicus curiae in DPC v. Facebook, and provided a detailed assessment of US privacy law. EPIC was represented before the Irish court by FLAC (Free Advice Legal Centres), an independent human rights organization, based in Dublin.

Senator Warner Questions Uber CEO On Why It Hid Data Breach

Senator Mark Warner sent a letter to the Uber CEO, Dara Khosrowshahi, questioning him about why the company covered up a data breach that affected 57 million consumers last year. Uber recently admitted that it hid a massive data breach from the public and paid the hackers $100,000 to delete the data. The stolen data included names, e-mail addresses, phone numbers, and drivers' licenses. Senator Warner told the Uber CEO that he had "grave concerns about your handling of a breach," including the fact that the company disclosed the breach to investors but not the public. Senator Warner has co-sponsored bipartisan legislation that would provide consumers with one free credit freeze per year and protect the credit ratings of veterans wrongly penalized by medical bills. EPIC's 2015 complaint with the FTC regarding Uber's abuse of personal data led to an FTC settlement in August, 2017. EPIC has also proposed a privacy law for Uber and other ride-sharing companies.

Uber Hid Massive Data Breach For Over A Year And Paid Hackers

Uber admitted this month that hackers stole the personal data of 57 million Uber customers and drivers in October 2016. The data included names, e-mail addresses, phone numbers, and the license numbers of 600,000 drivers. Rather than disclose the data breach to the public, as required by law, Uber paid the hackers $100,000 to delete the information. Uber has a well-documented history of abusing consumer privacy. EPIC recently testified in the Senate for strong data breach legislation that would require companies to immediately notify affected consumers of data breaches. EPIC filed a complaint with the FTC in 2015 regarding Uber's egregious misuse of personal data. That complaint led to an FTC settlement with Uber in August, 2017. In 2015, EPIC also proposed a privacy law for Uber and other ride-sharing companies.

Senators Leahy and Lee Introduce USA Liberty Act, Reform for FISA Spying

Senator Patrick Leahy (D-VT) and Senator Mike Lee (R-UT) have introduced the USA Liberty Act to reform surveillance under Section 702 of the Foreign Intelligence Surveillance Act. The Leahy-Lee bill would close the "backdoor search" loophole by requiring a probable cause court order before the government can review the contents of Americans' communications. The Leahy-Lee bill also codifies the ban on collecting "about" communications, mandates the appointment of amicus curiae for review of the surveillance programs, and establishes new reporting requirements. In a Freedom of Information Act lawsuit, EPIC v. NSD, EPIC is seeking the release of a Foreign Intelligence Surveillance Court report detailing the FBI's use of section 702 data for domestic criminal purposes.

After Public Pressure, FEC To Begin Rulemaking On Online Ad Transparency

After receiving over 150,000 public comments, the Federal Election Commission voted unanimouslyto make new rules governing online political ad disclosures. EPIC, numerous other organizations, and lawmakers pressed the FEC to require transparency for online ads to combat foreign interference in U.S. elections. The FEC had solicited public comments on its internet disclosure rules three times in six years before finally taking action. A group of 15 Senators wrote, "The FEC must close loopholes that have allowed foreign adversaries to sow discord and misinform the American electorate." And a group of 18 members of Congress urged the FEC to "address head-on the topic of illicit foreign activity in U.S. elections." EPIC suggested the FEC go a step beyond simple disclosures and require "algorithmic transparency" for online platforms that deliver targeted ads to voters. Several senators have also introduced a bipartisan bill that would require the same disclosures for online ads as for television and radio. EPIC is fully engaged in protecting the integrity of elections with its Project on Democracy and Cybersecurity.

Consumer Bureau Proposes Policy Guidance for Data Aggregation Services

The Consumer Financial Protection Bureau recently set out guidance for financial services that aggregate consumer data. The Bureau outlined Consumer Protection Principles that "express the Bureau's vision for realizing a robust, safe, and workable data aggregation market that gives consumers protection, usefulness, and value." The Consumer Protection Principles for aggregated consumer data services are: (1) consumer access to information, (2) usability and limited scope of access by third parties, (3) consumer control and informed consent, (4) authorizing payments, (5) security (6) access transparency, (7) accuracy, (8) ability to dispute and resolve unauthorized access, and (9) efficient and effective accountability mechanisms. EPIC has urged Congress to establish privacy and data security standards for consumer services and has championed algorithmic transparency. In testimony before Congress, EPIC Board member Professor Frank Pasquale explained that the use of secret algorithms often have adverse consequences for consumers.

White House Vulnerability Review Charter Provides Process for Disclosing Tech Flaws

The White House has released the "Vulnerabilities Equities Policy and Process," describing how the U.S. Government will make decisions regarding disclosure of "Zero-day vulnerabilities." At issue are vulnerabilities in software and consumer products that can be exploited by intelligence agencies and malicious hackers. If the VEP review board—comprised of agency representatives such as the DHS, ODNI, CIA, FBI, OMB, Commerce Department, and NSA—votes for disclosure, the tech company will be notified "when possible" within 7 business days. The charter requires the NSA, serving as the board's secretariat, to produce an annual public report on VEP decisions. In extensive comments on surveillance reform, EPIC supported the recommendations of the Obama Review Group, which included a recommendation for an interagency process to review "Zero-day vulnerabilities." In a letter to the Senate Committee on Homeland Security earlier this year, EPIC stated that "data protection and privacy should remain a central focus of the cyber security policy of the United States."

European Court Adviser Says Facebook Privacy Class Action Barred

The opinion of a key adviser to the European Court of Justice holds that a class action cannot proceed against Facebook, but would permit individual privacy claims to move forward. The class action of 25,000 consumers brought by Austrian privacy activist and EPIC Advisory Board member Max Schrems alleges Facebook violated Europeans' privacy rights, including for transferring data to the U.S. intelligence community. The opinion from Advocate General Bobek said a "consumer cannot invoke, at the same time as his own claims, claims on the same subject assigned by other consumers," citing the risk of consumers shopping for the most favorable forums. The European Court of Justice typically adopts the opinions of the Advocate General. The Court of Justice will also consider DPC v. Facebook, involving whether Facebook's data transfers from Ireland to the U.S. violate European Fundamental Rights. In 2013, Max Schrems received the EPIC International Champion of Freedom Award.

EPIC in the News

• Google Hit With Class Action Lawsuit In UK Over Data Privacy, Android Headlines, November 30, 2017
• 9th Circ. Says ESPN App User's Data Isn't Personal Info, Law360, November 30, 2017
• Justices appear to favor more restraints on government access to digital information, Washington Post, November 29, 2017
• FBI deviated from its policy on alerting hacking victims, San Francisco Chronicle, November 28, 2017
• Supreme Court confronts how technology impacts U.S. notion of privacy, Washington Post, November 28, 2017
• Appeals court skeptical of privacy-focused suit against Trump voter fraud panel, POLITICO, November 22, 2017
• Uber: We covered up massive hack, Boston Herald, November 22, 2017
• Insurance apps and plug-ins: Do you save and at what cost?, KGW, November 21, 2017
• Challenge to Trump election commission goes to federal appeals court, Washington Post, November 21, 2017
• Judges question EPIC's right to sue Trump election commission, Washington Post, November 21, 2017
• Internet-connected toys might invade children's privacy, Illinois consumer group warns, Chicago Tribune, November 21, 2017
• Why Google should be afraid of this Missouri attorney general, International Business Times, November 17, 2017
• Mo. AG Investigating Google's Competition, Privacy Practices, Law360, November 15, 2017
• Watchdog Orgs. Urge Transparency In Online Election Ads, Law360, November 15, 2017

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC publications:

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

Where Are We With Location Privacy? Reactions to the Supreme Court's Oral Argument in Carpenter v. United States
November 30, 2017
Alan Butler, EPIC Senior Counsel
American Bar Association—Section on Civil Rights and Social Justice
Washington, DC

FTC Workshop: Student Privacy and Ed Tech
December 1, 2017
Christine Bannan, EPIC Policy Fellow
Constitution Center
Washington, DC

'Tech Triumph or Bloated Bubble: Innovation, Investors & Industrial Transformation'
Yale CEO Summit
December 14, 2017
Marc Rotenberg, EPIC President
New York, NY

EPIC International Champion of Freedom Awards
Computers, Privacy and Data Protection (CPDP) Conference
January 24, 2018
Brussels, Belgium

'The Internet of Bodies'
Computers, Privacy and Data Protection (CPDP) Conference
January 24-26, 2018
Marc Rotenberg, EPIC President
Eleni Kyriakides, EPIC International Law Fellow
Brussels, Belgium

'UTmessan - Where everything connects'
February 2, 2018
Marc Rotenberg, EPIC President
Reykjavik, Iceland

19th Annual Privacy & Security Conference
February 8, 2018
Marc Rotenberg, EPIC President (keynote)
Victoria Conference Centre
Victoria, Canada

2018 EPIC Champions of Freedom Awards Dinner
June 5, 2018 Washington, DC