EPIC Alert 25.12

1. Victory for Privacy: Supreme Court Says Cell Phone Location Records Protected Under Fourth Amendment

In a landmark ruling, the U.S. Supreme Court held that the Fourth Amendment protects location records generated by mobile phones. The government in Carpenter v. United States had obtained more than six months of location records without a warrant under the Stored Communications Act. The lower court had denied Defendant's motion to suppress the location data, finding that the government's access to the records was not a "search" under the Fourth Amendment. The Supreme Court, by a 5-4 majority, reversed that decision.

EPIC filed a "friend-of-the-court" brief in Carpenter, signed by thirty-six technical experts and legal scholars, urging the Court to recognize that the "world has changed" since the Court decided in Smith v. Maryland that the warrantless use of pen registers did not violate the Fourth Amendment. EPIC argued that "cell phones are now as necessary to the life of Americans as they are ubiquitous" and that users expect their location data will remain private.

The Court agreed, in a decision by Chief Justice Roberts, emphasizing the importance of protecting privacy as technology advances: "After all, when Smith was decided in 1979, few could have imagined a society in which a phone goes wherever its owner goes, conveying to the wireless carrier not just dialed digits, but a detailed and comprehensive record of the person's movements," the Court wrote. "There is a world of difference between the limited types of personal information addressed in Smith and [United States v. Miller] and the exhaustive chronicle of location information casually collected by wireless carriers today." The Court emphasized that "a person does not surrender all Fourth Amendment protection by venturing into the public sphere."

Moreover, Chief Justice Roberts drew no distinction between whether the Government deployed its own tracking technology, such as a GPS tracking device, or sought to access that same information from a wireless carrier. "In fact, historical cell-site records present even greater privacy concerns than the GPS monitoring of a vehicle we considered in Jones v. United States," the Court wrote. "A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor's offices, political headquarters, and other potentially revealing locales. . . . Accordingly, when the Government tracks the location of a cell phone it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone's user."

"Virtually any activity on the phone generates CSLI, including incoming calls, texts, or e-mails and countless other data connections that a phone automatically makes when checking for news, weather, or social media updates. Apart from disconnecting the phone from the network, there is no way to avoid leaving behind a trail of location data," Chief Justice Roberts added. "In light of the deeply revealing nature of CSLI, its depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection, the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection." Dissenting opinions were filed by Justices Kennedy, Thomas, Alito, and Gorsuch.

EPIC previously argued against warrantless searches of location data in Riley v. California, United States v. Jones, State v. Earls and Commonwealth v. Connolly. EPIC also routinely participates as amicus curiae in cases before the Supreme Court, including three this past year in United States v. Microsoft Corp., Dahda v. United States, and Byrd v. United States.

2. EPIC Testifies at FEC Hearing on Online Political Ads, Urges Greater Transparency

The Federal Election Commission held a hearing recently on the agency's proposed rule governing disclosures for online political ads. Christine Bannan, EPIC Administrative Law and Policy Fellow, testified on the second day of the hearing alongside representatives from the Republican National Committee and the advertising industry. Facebook, Twitter, and Google submitted comments but declined the commission's invitations to testify.

EPIC submitted multiple comments to the FEC urging the agency to promulgate rules that would require online political ads to disclose their funders—as is required for traditional media ads. The commissioners asked panelists how to decide which ads should be required to include a full disclosure on the face of the ad, and which ads could use an indicator (such as a link or hover-over mechanism) that would lead to the full disclosure. EPIC argued that the name of an ad's funder should be visible on the face of an ad whenever feasible, and EPIC opposed an exception that would allow small ads to evade all forms of disclosure.

EPIC also proposed the FEC adopt "algorithmic transparency" procedures that would require advertisers to disclose the demographic factors behind targeted political ads, as well as the source and payment, and maintain a public directory of advertiser data.

EPIC's Project on Democracy and Cybersecurity, established after the 2016 presidential election, seeks to safeguard democratic institutions from various forms of cyberattack. EPIC is currently pursuing a Freedom of Information Act lawsuit for Department of Homeland Security research, integration, and analysis concerning Russian interference in the 2016 presidential election.

3. EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices

EPIC has filed an amicus brief with the Ninth Circuit Court of Appeals in a case concerning Facebook's tracking of users' web browsing habits even after they logged out of the platform. EPIC argued that users should not bear the burden of protecting themselves from invasive web tracking practices. EPIC explained that the lower court "misunderstood the purpose of privacy law, theorizing that users have an obligation to adopt complex, technological measures to assert privacy claims. That is what people do in the absence of law. That is why laws are enacted."

Facebook uses "cookies"—small text files that a server creates and sends to a browser—to track users on websites that contain a Facebook plugin such as the "Like" button. EPIC explained that the cookie, originally developed to assist users to complete purchases on a particular website, "has been transformed into a method for tagging, tracking, and monitoring people as they move across the network." It would be absurd, EPIC argued, to expect users to compete in a "technical arms race" when "Facebook's tracking techniques are designed to escape detection and the company routinely ignores users' privacy protections."

EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." Following this groundbreaking report, EPIC conducted additional research and revealed that the Direct Marketing Association and other industry leaders proposed a "self-regulatory" model that failed to protect the privacy of Internet users. EPIC also filed the first complaint with the FTC against DoubleClick, a company engaged in invasive cookie tracking.

EPIC frequently participates as amicus curiae in consumer privacy cases, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.

4. EPIC Advises FCC on Robocalls Regulation

EPIC has advised the Federal Communications Commission (FCC) on how to interpret the Telephone Communications Protection Act (TCPA) to best protect consumers in light of a recent decision by the D.C. Circuit in ACA Int'l v. FCC. EPIC explained the court's reasoning strongly favors the definition of "called party" as the current subscriber, rather than "the person the caller reasonably expected to reach," in order to protect consumers with reassigned numbers. EPIC also urged the FCC to require callers to meet three conditions to simplify the revocation of consent: (1) inform consumers of their right to revoke; (2) provide a simple means of revocation; and (3) comply in a timely manner.

EPIC was involved in the case that created this comment opportunity. EPIC filed a "friend-of-the-court brief" in ACA Int'l v. FCC concerning the FCC's regulations for the TCPA. EPIC's amicus brief supported the FCC regulations and argued that consumers could revoke consent by any "reasonable means." EPIC said that companies "seeking to engage in privacy-invading business practices" bear "the burden of proving consent." The court agreed that consumers could withdraw consent by all "reasonable means." However, the court vacated other aspects of the rule, including the definition of automated telephone dialing system and proposed procedures for calls to reassigned numbers.

EPIC has submitted numerous comments to the FCC and the Federal Trade Commission concerning the implementation of the TCPA. In advance of a recent hearing on "Abusive Robocalls and How We Can Stop Them," EPIC submitted comments to support additional regulation of robocalls. EPIC recommended reforms that would combat fraud while protecting privacy. EPIC played a leading role in the creation of the TCPA and continues to defend the Act by addressing emerging challenges to consumer protection law.

5. In EPIC FOIA Case, FTC Releases New Information from Facebook Audits

In response to an EPIC Freedom of Information Act lawsuit, the Federal Trade Commission recently released materials, previously withheld, from the biennial Facebook audits. The independent third-party audits, conducted by PricewaterhouseCoopers, are required by the FTC's 2011 Consent Order with Facebook. Heavily redacted versions of those audits were previously available on the FTC's website but did not disclose the auditing process.

In March, following the Cambridge Analytica breach, EPIC filed an urgent FOIA request for the complete 2013, 2015, and 2017 Facebook audits. The FTC released the 2017 audit, which stated that "Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information." The 2017 audit covers the period of the Cambridge Analytica breach, where the data of up to 87 million Facebook users were unlawfully transferred to a third party political data mining firm. But the FTC failed to release the Facebook audits in unredacted form, and EPIC filed suit.

The newly released documents include details of PricewaterhouseCoopers' assessment process. The audits identify 44 specific procedures that Facebook allegedly implemented to achieve the objectives of its privacy program. A list of individuals interviewed as part of PwC's assessment procedures is also included. But the rereleased 2017 audit does not contain any information about the detection of third-party application access to restricted user data.

In a letter to Congress in April, EPIC explained that the FTC failed to review the reports and failed to enforce the 2011 consent order against Facebook. EPIC is continuing to review the documents obtained from the FTC and will use all means necessary to get the full, unredacted audits.

News in Brief

California Passes Milestone Privacy Law

The State of California has enacted the California Consumer Privacy Act of 2018, the most comprehensive consumer privacy state law ever enacted in the United States. The Act will establish the right of residents of California to know what personal information about them is being collected; to know whether their information is sold or disclosed and to whom; to limit the sale of personal information to others; to access their information held by others; and to obtain equal service and price, even if they exercise their privacy rights. The Act will allow individuals to delete their data and it will establish opt-in consent for those under 16. The Consumer Privacy Act provides for enforcement by the Attorney General, a private right of action, and will establish a Consumer Privacy Fund to support the purposes of Act. The California Consumer Privacy Act of 2018 follows a California ballot initiative that gathered over 600,000 signatures. After the Equifax data breach, EPIC testified in the U.S. Senate that comprehensive privacy legislation was long overdue. The EPIC State Policy Project also provides expertise to the states to help shape strong privacy laws.

EPIC Supports NIST Cryptographic Standards Process

In comments to the National Institute of Standards and Technology, EPIC backed NIST's efforts to coordinate "lightweight" crypto standards. EPIC took no position on the specific proposal, but expressed support for the NIST standard-setting process. EPIC said, "NIST's expertise in cryptography, its authority to accept public comment, and its ability to bring together leading experts to evaluate proposals is critical to the adoption of trustworthy computer standards in the United States and around the world." EPIC helped establish the freedom to use encryption in the United States with the "Clipper Chip" petition and has pursued many efforts to safeguard this right. Last month, EPIC advised NIST to revise the Risk Management Framework to make clear that federal agencies are required to conduct privacy impact assessments.

EPIC Advises UK Data Protection Authority on GDPR Implementation

EPIC has submitted comments to the UK Data Protection Authority on implementation of the General Data Protection Regulation. EPIC urged the UK privacy agency to (1) promote transparency of enforcement proceedings, (2) increase scrutiny of mergers concerning personal data, and (3) encourage cooperation with the US FTC. EPIC said that international cooperation is necessary to hold companies accountable. Recently, EPIC and several consumer groups urged the FTC to investigate Facebook and Google's deceptive consent practices that violate both US and UK law. Last year, EPIC made similar recommendations on the FTC 2018-2022 Strategic Plan.

EPIC Seeks Records About White House AI Committee and Transparency

EPIC has submitted a Freedom of Information Act request to the General Service Administration about the White House's Select Committee on Artificial Intelligence. The Select Committee will advise the President and coordinate AI policies among executive branch agencies. The Select Committee charter states that it may receive advice from private sector groups, but it does not state whether the public will participate in the committee's activities. EPIC is seeking records from the GSA to determine whether the Committee intends to comply with federal open meeting obligations. EPIC has previously told Congress that the Select Committee should be open to public comment.

EPIC Urges Senate Committee to Focus on Consent Order with Facebook

EPIC has sent a statement to the Senate Commerce Committee outlining the FTC's failure to enforce the 2011 Consent Order with Facebook. The statement from EPIC is for a hearing on "Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks." In 2009, EPIC and several consumer groups pursued a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook's data practices. The FTC established a Consent Order in 2011 but failed to enforce the Order even after EPIC sued the agency in a related matter. In the statement to the Senate, EPIC contends that the FTC could have prevented the Cambridge Analytica debacle and Facebook's secret arrangements with device makers if the agency enforced the 2011 Order.

After Carpenter Decision, EPIC Calls on Congress to Update Federal Wiretap Law

In advance of a hearing on "Bolstering Data Privacy and Mobile Security" EPIC has told the House Science Committee that Congress should apply a heightened "super warrant" standard to "StingRays," a technique for tracking cell phones users. After an EPIC FOIA lawsuit revealed that the FBI was using stingrays without a warrant, the Bureau changed its practices. EPIC filed amicus briefs in U.S. v. Jones and Carpenter v. U.S., two recent Supreme Court cases, arguing that a warrant is required to obtain location information. In a landmark ruling last month, the Supreme Court held that the Fourth Amendment protects location records generated by mobile phones. As a consequence, EPIC said, Congress should update federal privacy law.

EPIC to Congress: Require Transparency for Use of AI

In advance of a hearing on "Artificial Intelligence - With Great Power Comes Great Responsibility," EPIC told the House Science Committee that Congress must implement oversight mechanisms for the use of AI. EPIC said that Congress should require algorithmic transparency, particularly for government systems that involve the processing of personal data. EPIC said that Congress should amend the E-Government Act to require disclosure of the "logic" of algorithms that profile individuals. EPIC also said that the White House Select Committee on Artificial Intelligence should be open to public comment. EPIC has pursued several criminal justice FOIA cases, and FTC consumer complaints to promote transparency and accountability. In 2015, EPIC launched an international campaign for Algorithmic Transparency.

D.C. Circuit Sets Date for Argument in EPIC v. IRS, FOIA Case for Trump's Tax Returns

The D.C. Circuit has scheduled oral argument in EPIC v. IRS, EPIC's Freedom of Information Act case to obtain public release of President Trump's tax returns. The Court will hear the case on Thursday, September 13, 2018. EPIC has argued that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." A broad majority of the American public favor the release of the President's tax returns. EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyber attack) and EPIC v. DHS (election cybersecurity).

U.S. Consumer Groups Urge FTC to Examine 'Deceived by Design' Practices

EPIC and a coalition of consumer organizations sent a letter to the FTC about recent tactics by Facebook and Google to trick users into disclosing personal data. "We urge you to investigate the misleading and manipulative tactics of the dominant digital platforms in the United States, which steer users to 'consent' to privacy-invasive default settings," the letter states. The letter highlights a report by the Norwegian Consumer Council entitled "Deceived by Design," which details how companies employ numerous tricks and tactics to nudge users into selecting the least privacy-friendly options. EPIC and consumer privacy organizations previously filed complaints with the FTC when Facebook undermined users' privacy settings and Google automatically opted users into Google Buzz. In both cases, the FTC determined that the companies had engaged in "unfair and deceptive trade practices." Both Facebook and Google settled with the FTC and were then subject to 20-year consent orders that were intended to prevent the companies from engaging in similar practices in the future.

Court Orders Defunct Presidential Election Commission to Release Records

A federal court in Washington, DC has ruled that the Presidential Election Commission must release a large volume of records detailing its activities from last year. The ruling, in a case brought by Maine Secretary of State and EPIC Champion of Freedom Matthew Dunlap, requires the Commission to disclose all "relevant documents that any of the former commissioners generated or received." After the court ordered the Commission to release the same records in December, the President abruptly disbanded the Commission. EPIC brought the lead case against the Commission, forcing it to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the voter information that was unlawfully obtained. EPIC is continuing to pursue its case on appeal and will ask the Supreme Court to grant review.

D.C. Circuit Denies EPIC's Petition, Will Not Mandate Privacy Rules for Drones

The D.C. Circuit ruled last month in EPIC v. FAA that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the 2016 rule authorizing commercial drone operations without any privacy safeguards. The D.C. Circuit declined to reach the merits of EPIC's challenge, finding that neither EPIC nor its members had established an "injury" caused by the FAA rule. EPIC will continue to push for the establishment of drone privacy safeguards at the FAA. The drone privacy case is EPIC v. FAA, No. 16-1297 (D.C. Cir.).

Facebook's Response to Congress Provides More Evidence of Consent Order Violations

Late last week, Facebook submitted over 700 pages of responses to questions from members of Congress following Mark Zuckerberg's testimony in April. Facebook has now admitted that it provided developers and device makers access to personal data despite publicly stating that it had discontinued the practice. In April EPIC submitted a detailed letter to Congress, explaining that the Cambridge Analytica breach could have been avoided if the FTC had enforced the 2011 Consent Order. That Consent Order was the result of extensive complaints EPIC and consumer organizations filed with the FTC in 2009 and 2010. In March, the Acting Director of the FTC stated "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."

White House Organizes Secret Meeting on Future of Artificial Intelligence

The White House's Select Committee on Artificial Intelligence held its first meeting last week, but the public was not invited. The Select Committee was announced in May at the White House Summit on Artificial Intelligence for American Industry which was also closed to public participation. According to the Summit report, many of the critical issues in the AI field, including "fairness," "transparency," and "accountability," were never mentioned. EPIC has filed a Freedom of Information Act request seeking records about the establishment of the Select Committee. In advance of a recent hearing on Artificial Intelligence, EPIC told the House Science Committee that Congress must implement oversight mechanisms for the use of AI by federal agencies and ensure that the White House Select Committee is open to public participation.

FTC Launches New Inquiry on 'Competition and Consumer Protection in the 21st Century'

The FTC Chairman Joe Simmons has announced that the FTC will hold a series of public hearings this fall on how to safeguard consumer protection and competition in light of economic and technologic developments. "The hearings may identify areas for enforcement and policy guidance, including improvements to the agency's investigation and law enforcement processes, as well as areas that warrant additional study," said the FTC. The hearings will focus on several topics, including "the intersection between privacy, big data, and competition" and "the use of algorithmic decision tools, artificial intelligence, and predictive analytics." The FTC is requesting public comment in advance of the hearings. This will be the first time the FTC has reexamined its approach to consumer protection and competition since the FTC's 1995 hearings on "Global Competition and Innovation." EPIC participated in those hearings and helped the FTC develop authority to address emerging privacy issues. More recently, EPIC has put forward "10 Recommendations" for how the FTC can protect consumers, promote competition, and encourage innovation.

At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order

In a recent Senate Commerce Committee hearing on Facebook and data privacy, former FTC CTO Ashkan Soltani stated that Facebook violated the 2011 FTC Consent Order by transferring personal data to Cambridge Analytica and device makers contrary to user privacy expectations. Soltani said that Facebook continued to misrepresent the extent to which users could control their privacy settings and allowed device makers to override users' privacy settings. Senator Blumenthal and other members of Congress had previously said the company violated the Consent Order, which was the result of complaints filed by EPIC in 2009 and 2010. In a statement to the Committee in advance of the hearing, EPIC urged the Senate to focus on the FTC's failure to enforce the Consent Order with Facebook.

EPIC in the News

• CA Gov. Jerry Brown signs law to give consumers broad privacy rights, CNET, June 29, 2018
• Home Personal Finance Facebook, Google privacy settings trick consumers into giving up data, consumer groups allege, MarketWatch, June 29, 2018
• Facebook and Google accused of using 'dark patterns' to manipulate users, Mashable, June 29, 2018
• Will federal officials further regulate online political ads? Too soon to tell., Center for Public Integrity, June 29, 2018
• Supreme Court puts us on a pro-privacy path for the cyber age, The Hill (EPIC Senior Counsel Alan Butler), June 29, 2018
• Personal Information of 340 Million People and Businesses Leaked By Florida Marketing Firm, Gizmodo, June 28, 2018
• Data-broker leak exposes 340 million personal records, Engadget, June 28, 2018
• Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records, WIRED, June 28, 2018
• Exactis Exposes Non-Financial Data On Close To 340M Americans, PYMTS.com, June 28, 2018
• Google And Facebook Push Users To Cede Privacy, Advocates Say, MediaPost, June 28, 2018
• Consumer groups urge FTC to probe Google, Facebook data-consent tactics, The Hill, June 28, 2018
• Consumer groups want FTC probe into Facebook, Google privacy settings, POLITICO Pro, June 28, 2018
• Good News! The Privacy Wins Keep Coming, WIRED, June 27, 2018
• 'Deceived by Design:' Google and Facebook Accused of Manipulating Users Into Giving Up Their Data, Fortune, June 27, 2018
• Pasadena Ninth Circuit Court Federal Judges Hear Case About Revealing Identities of California Political Donors, Pasadena Now, June 26, 2018
• Adam Laxalt adds name to lawsuit concerning top GOP donors, Las Vegas Review-Journal, June 25, 2018
• States To Steer Drone Privacy After DC Circ. FAA Ruling, Law360, June 22, 2018
• Carrying a cellphone creates a "historical log" of movements, privacy expert says, CBS News, June 22, 2018
• Maryland Gov. Hogan, possible Democratic rivals expand voter outreach with technology, Baltimore Sun, June 21, 2018
• Google, Facebook domination has RUINED the internet for everyone, warns EPIC report, NewsTarget, June 21, 2018
• DC Circ. Grounds Battle Over Privacy In FAA Drone Rules, Law360, June 20, 2018
• EPIC sends epic message, JD Supra, June 20, 2018
• Drone Privacy: EPIC v. FAA Tossed by D.C. Circuit Court, Drone Life, June 20, 2018

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

Internet Communication Disclaimers and Definition of 'Public Communication.' June 28, 2018. Federal Election Commission, Washington, DC. Christine Bannan, EPIC Administrative Law and Policy Fellow.

Press Forum on GDPR and Privacy Regulation. July 9, 2018. Federalist Society, Washington, DC. Sunny Kang, EPIC International Consumer Counsel.

Artificial Intelligence – Striking the Balance between Privacy and Competitiveness. July 18, 2018. European Liberal Forum's Transatlantic Lab, Washington, DC. Christine Bannan, EPIC Administrative Law and Policy Fellow.

Next-Generation Digital Infrastructure: Towards a New Regime for Promoting Investment, Competition and Consumer Protection. Aug. 13–15, 2018. Aspen, CO. Marc Rotenberg, EPIC President.

Privacy, News, and the Future of Freedom of the Press. Sep. 27-28, 2018. Tulane Law School, New Orleans, LA. Marc Rotenberg, EPIC President.

'Debating Ethics: Dignity and Respect in Data Driven Life.' Oct. 21-25, 2018. 40th International Conference of Data Protection and Privacy Commissioners, Brussels, Belgium. Marc Rotenberg, EPIC President.

'Going Digital.' Nov. 12-13, 2018. Working Party on Security and Privacy in the Digital Economy, OECD, Paris. Marc Rotenberg. EPIC President.

Internet Governance Forum 2018. Nov. 14, 2018. UNESCO, Paris. Marc Rotenberg, EPIC President.

Centrum Wiskunde & Informatica Privacy and Security Lecture. Nov. 17, 2018. CWI, Amsterdam. Marc Rotenberg, EPIC President.

'Going Digital.' Mar. 11-12, 2019. OECD, Paris. Marc Rotenberg, EPIC President.