EPIC Alert 26.15

EPIC Alert logo

1. Court Rules Georgia Must Replace DRE Voting Systems by 2020, Cites EPIC Amicus

A federal court has ruled that Georgia must replace the state's paperless Direct Recording Electronic voting machines before the 2020 election. The court also ruled that Georgia must develop a contingency plan using hand-marked paper ballots with optical ballot scanners and voter-verifiable, auditable ballot records.

Judge Amy Totenberg wrote that Georgia had been "slow and poorly equipped in tackling the security and functionality challenges afflicting its current voting system and the well-established deficiencies in a non-auditable DRE voting system." The court highlighted the "imminent threats of contamination, dysfunction, and attacks on State and county voting systems," pointing to efforts by Russian intelligence "to identify election data system vulnerabilities through probing of county election websites in Georgia and two other states."

EPIC, in an amicus brief joined by 31 legal scholars and technical experts, urged the court to stop Georgia's use of Direct Recording Electronic voting machines. EPIC told the court that "the continued use of these systems poses a direct threat to personal privacy, election integrity, and democratic institutions." The court cited EPIC's brief, noting "almost from their inception, DREs have been plagued by warnings that the voting machines are unreliable, insecure, and unverifiable."

Georgia's Secretary of State recently announced that the state would purchase Ballot Marking Devices, but technical experts have warned these devices suffer from many of the same vulnerabilities as DRE voting machines.

EPIC has long defended voter privacy and advocated for stronger election security. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy. The Georgia case is Curling v. Raffensperger.

2. EPIC Challenges Justice Department's Refusal to Search for Location Tracking Orders

EPIC has filed an amended complaint against the Department of Justice, charging that the agency engages in a "pattern and practice" of violating the Freedom of Information Act.

Last year, EPIC filed a FOIA lawsuit to compel the DOJ to disclose records about locational surveillance—surveillance that the Supreme Court found unconstitutional in Carpenter v. United States. The suit is based on two EPIC FOIA requests seeking applications filed by federal prosecutors to obtain customer communications from ISPs.

After EPIC filed suit, the DOJ refused to search for the records and claimed that it "does not track" the agency's applications for surveillance orders. EPIC now alleges that the DOJ has engaged in a pattern and practice that violates the FOIA.

Federal agencies are required by law to search for records that are "reasonably described." EPIC wrote "agency's unlawful policy, pattern, and practice of refusing to conduct a search in response to reasonably described FOIA requests such as EPIC's will continue absent intervention by this Court."

The case is EPIC v. DOJ, No. 18-1814 (D.D.C.).

3. EPIC Comments on Council of Europe Draft AI Recommendation

EPIC has filed comments on the Council of Europe's Recommendation on AI and human rights. Drafted by a committee of human rights experts, the Recommendation is expected to be adopted by the Council in early 2020.

The Recommendation includes proposals to protect human rights when governments and private actors use artificial intelligence systems. These proposals include testing of AI systems, eliminating discrimination, and providing transparency.

EPIC expressed strong support for the draft Recommendation, noting nearly all of the Universal Guidelines for Artificial Intelligence principles are included. EPIC also recommended that the Council incorporate UGAI principles prohibiting secret profiling and unitary scores and requiring termination of AI systems that spin out of control.

EPIC has urged U.S. federal agencies to adopt implement the OECD guidelines and adopt the UGAI as a baseline for AI policy. EPIC and more than two dozen legal scholars and technology experts recently called on the White House to safeguard personal data in U.S. AI research and development.

The Universal Guidelines are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights. Over 250 experts and 60 organizations have endorsed the Universal Guidelines.

4. Congress to Consider Moratorium on Facial Recognition

House leaders are set to consider a moratorium on government funding for new uses of facial recognition software by federal agencies. "We don't want any more money being used, no money used to expand what we have or to purchase any new ability to impact or use this technology," Rep. Jim Jordan (R-OH) told POLITICO.

The House Oversight Committee is also considering restricting existing uses of the technology following a hearing on the Department of Homeland Security's facial recognition programs. Prior to the hearing, EPIC briefed members of the House committee about the entry-exit program at U.S. airports. Air travelers have reported that it is difficult to opt out, and the agency has still not conducted a required rulemaking.

Last month, EPIC led a coalition of over 35 organizations urging Congress to halt the use of facial recognition tools on the general public. The groups warned that "[t]he use of face recognition technology by the DHS poses serious risks to privacy and civil liberties, threatens immigrants, broadly impacts American citizens, and has been implemented without proper safeguards in place or explicit Congressional approval."

In a recent statement to the House Appropriations Committee, EPIC recommended that Congress halt the funding for the facial recognition program at the Transportation Security Administration. After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program.

5. Giovanni Buttarelli, 1957-2019

Giovanni Buttarelli, the European Data Protection Supervisor and the recipient of the 2019 EPIC Champion of Freedom Award, has passed away. He was 62.

"We are all profoundly saddened by this tragic loss of such a kind and brilliant individual. Throughout his life Giovanni dedicated himself completely to his family, to the service of the judiciary and the European Union and its values," Buttarelli's office said in a statement.

Buttarelli led efforts in the European Union and around the world to establish privacy as a fundamental human right. At the 2018 privacy commissioners conference in Brussels, he spoke about the need to place humanity at the forefront of the digital society. Buttarelli said "we need to establish a sustainable ethics for a digital society."

Buttarelli was one of the first signatories of the Universal Guidelines for Artificial Intelligence, a framework for AI governance based on the protection of human rights.

At the 2019 EPIC Champion of Freedom Awards event in Brussels, Shoshana Zuboff (11:30) said "Giovanni has lifted our sights . . . to the essence of the quality of the information society that will be our true legacy . . . ." Buttarelli also spoke at the event (16:45).

News in Brief

Court Grants Facebook's Motion to Intervene in EPIC v. FTC

The D.C. District Court has granted Facebook's motion to intervene in EPIC's case against the Federal Trade Commission for the release of the biennial audits required by the 2011 Consent Order. The FTC turned over redacted reports to EPIC but withheld certain information, citing a confidential business information provision. EPIC explained to the court, the "release of the full audits is crucial for Congress, the States Attorneys General, and the public to evaluate how the Cambridge Analytica breach occurred." EPIC opposed Facebook's attempt to intervene but the Court granted Facebook's motion. Before the same judge, EPIC is also pursuing intervention in United States v. Facebook, a case concerning the proposed settlement between FTC and Facebook. Facebook's answer to EPIC's complaint is due September 3, 2019. The case is EPIC v. FTC, No. 18-942 (D.D.C).

Administration Seeks Reauthorization of NSA Phone Record Program

The Administration is seeking reauthorization of the NSA phone record collection program, according to a letter from Director of National Intelligence Dan Coats published by the New York Times. The Patriot Act "Section 215" program originally allowed the bulk collection of all telephone records of Americans. In 2013, following the Snowden disclosures, EPIC filed a petition with the Supreme Court, challenging the lawfulness of the bulk collection program. Congress then held extensive hearings which found the program was ineffective and later passed the USA Freedom Act, which limited the data collection. NSA has since acknowledged significant compliance problems with the Freedom Act, and the Coats letter confirms that the program was subsequently suspended. EPIC has joined civil liberties organizations in calling for a permanent end to the NSA's phone record collection program.

Supreme Court Asked to Hear Donor Privacy Case

An advocacy group has asked the U.S. Supreme Court to hear a case concerning a California law requiring charitable organizations to disclose the names and addresses of their major donors. Last year, a federal appellate court found that the law does not violate the First Amendment "because the information is collected solely for nonpublic use, and the risk of inadvertent public disclosure is slight." EPIC filed an amicus brief in the case, arguing that the reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." Citing several data breaches concerning state records, EPIC also explained that California had "failed to implement basic data protection standards" for donor information. EPIC has argued for donor privacy and similar constitutional rights of anonymity in Packingham v. North Carolina, Doe v. Reed, and Watchtower Bible v. Stratton.

Senators Press NHTSA on Dangers of Internet-Connected Cars

Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) sent a letter to the National Highway Traffic Safety Administration to ask about the steps taken to protect consumers from the security vulnerabilities of internet-connected cars. The senators wrote: "We are concerned by the lack of publicly-available information about the occurrence and handling of cyber vulnerabilities in internet-connected cars, and believe that NHTSA should be aware of these dangers in order to take possible regulatory action." In comments to NHTSA, EPIC called for national safety standards for connected cars. EPIC also underscored the privacy risks of modern vehicles in a recent amicus brief to the Supreme Court.

Gallup Poll: Americans Divided on Regulation for Big Tech Firms

A new Gallup poll found that 48 percent of respondents said the government should boost its regulation of technology companies like Amazon, Facebook and Google, while 40 percent said regulation of these firms shouldn't change. Roughly 60 percent of self-identified liberals, union members, college graduates and Democrats support increased oversight of tech companies. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger laws to protect their privacy. EPIC has also opposed mergers that threaten consumer privacy, including Facebook's acquisition of WhatsApp, Google's acquisition of DoubleClick, and Google's acquisition of Nest Labs.

Company Violates Privacy Shield, FTC Imposes No Penalty

The FTC entered into an enforcement agreement against background screening company SecurTest for falsely claiming to offer privacy protections to EU citizens. According to the FTC, SecurTest's website falsely claimed to participate in the EU-U.S. Privacy Shield, a framework that permits the transfer of Europeans' personal data to the U.S. The settlement requires SecurTest to halt misrepresentations and submit to compliance monitoring but provides no remedy to those EU citizens who used the service. In recent comments on Privacy Shield, EPIC noted the absence in the US of a comprehensive federal privacy law and a data protection authority, with the authority to enforce privacy rights. The European Commission will formally decide whether to renew the pact this fall.

Facebook Faces More Civil Rights Lawsuits

A new lawsuit alleges that Facebook violated the Fair Housing Act by allowing advertisers to use factors such as race, sex, and disability to prevent home buyers and renters from seeing housing ads. Facebook recently settled claims and made changes to its advertising practices following lawsuits by the Department of Housing and Urban Development. EPIC is currently challenging the FTC's settlement with Facebook, arguing that it provides little benefit to Facebook users. EPIC also supports algorithmic transparency, which would reduce bias and help ensure fairness in automated decisionmaking. EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries.

Just Security Publishes Expert Summaries of Mueller Report

Just Security has published a new collection of expert summaries of the Mueller Report. The collection includes two entries by Professor Jennifer Daskal, Chair of the EPIC Board, on Russian hacking operations and Special Counsel's charging decisions under the Foreign Agent Registration Act. In EPIC v. DOJ, EPIC is seeking the complete, unredacted Mueller Report. EPIC recently argued for the full release of the Report before Judge Reggie B. Walton. A ruling in the case is expected this fall. Copies of the Mueller Report obtained by EPIC, related materials, and background on the case are available for purchase at the EPIC Bookstore.

Grindr User Asks Supreme Court to Hear Dating App Abuse Case

A Grindr user has asked the U.S. Supreme Court to review a federal appellate court's refusal to find the dating app liable for failing to remove a false profile that enabled abuse. EPIC filed an amicus brief in Herrick v. Grindr, arguing that Section 230, the law the appeals court found barred liability, was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues. Herrick's attorney (and EPIC Champion of Freedom Award winner) Carrie Goldberg recently published "Nobody's Victim: Fighting Psychos, Stalkers, Pervs, and Trolls."

EPIC in the News

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

EPIC v. Department of Justice: The Mueller Report, edited by Marc Rotenberg (2019)

EPIC v. Department of Justice: The Mueller Report chronicles the efforts to obtain a full account of Russian interference in the 2016 presidential election. EPIC filed the first lawsuit in the country for the release of the full and unredacted Mueller Report and obtained a newly redacted version in early May 2019. EPIC is now challenging the redactions made by the Department of Justice in federal court. This volume is an essential guide to the legal arguments about the redactions, the dispute between the Attorney General and the Special Counsel, and EPIC's request for the Mueller Report and other records about Russian interference in the 2016 presidential election.

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

AI and The Rule of Law. Sept. 20-21, 2019. IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems. Athens, Greece. Marc Rotenberg, EPIC President.

National Tort Law Day. Oct. 5, 2019. American Museum of Tort Law. Winsted, CT. Marc Rotenberg, EPIC President.

41st International Data Protection and Privacy Commissioners Conference. Oct. 21–24, 2019. Tirana, Albania. Marc Rotenberg, EPIC President.

Privacy and Personal Data Protection Enforcement. Nov. 18, 2019. EPIC and the UK ICO. OECD. Paris, France. Marc Rotenberg, EPIC President.

CPDP 2020: Data Protection and Artificial Intelligence. Jan. 22–24, 2020. Brussels, Belgium. Marc Rotenberg, EPIC President.

Share this page:

Defend Privacy. Support EPIC.
EPIC Mueller Report book
US Needs a Data Protection Agency