Focusing public attention on emerging privacy and civil liberties issues

Previous Top News 2005

  • EPIC Posts Complete Alito Princeton Privacy Report. As a student at Princeton University, Supreme Court nominee Samuel Alito put together a remarkable report on the future of privacy in America. EPIC has obtained a complete copy of the report and, in cooperation with the Seeley G. Mudd Manuscript Library at Princeton University, has made it available online at the EPIC Web site. (Dec. 28)
  • Alito Report and Memo Raise New Questions About Nominee's Views on Privacy. A conference report (pdf) prepared by Samuel Alito in college revealed strong support for the right of privacy and oversight of domestic surveillance. But the Supreme Court nominee said in a 1984 memo (pdf) for the Justice Department that the attorney general should be immune from lawsuits for ordering wiretaps of Americans without permission from a court. EPIC prepared a detailed analysis (pdf) of the privacy views of Chief Justice Roberts and will release an analysis of Judge Alito's views in January 2006. (Dec. 27)
  • Congress Enacts One-Month Patriot Act Extension. Following widespread public debate, intense negotiation, and political maneuvering, the Congress has extended the Patriot Act until February 3, 2006. More information about the Patriot Act can be found at EPIC's FISA page, Patriot Act page, Patriot Act Sunset page, and Patriot Act FOIA page. (Dec. 23)
  • Gallup Poll: Americans Oppose Violation of Civil Rights In Fight Against Terrorism. A CNN/USA Today/Gallup poll finds "65% of Americans saying that while the government should make efforts to fight terrorism, it should not take steps that violate basic civil liberties." When asked specifically about the Patriot Act, Gallup reports that "34% of Americans say the law goes too far in restricting people's civil liberties, 41% say it is about right, and 18% say it doesn't go far enough. These views are little changed from a similar measure last June." See EPIC's Public Opinion and Privacy page. (Dec. 21)
  • EPIC Urges Suspension of Passenger Profiling System. About 30,000 air passengers have reported being wrongly matched to federal watch lists. These frustrating problems flow from the failure to fully apply privacy protections to watchlist databases, especially the right of individuals to access and correct their records, EPIC said in comments (pdf) to the Transportation Security Administration. EPIC urged the suspension of the Registered Traveler program, one version of which is administered by a private contractor not subject to any Privacy Act obligations, until security and privacy problems can be resolved. For more information, see EPIC's Passenger Profiling and Spotlight on Surveillance pages. (Dec. 15)
  • President Bush States the Obvious. President Bush issued an executive order today directing federal agencies to comply with the Freedom of Information Act. The order also requires each agency to appoint a chief FOIA officer and at least one public liaison, and to establish a requester service center. Chief FOIA officers must review agencies' FOIA operations and report findings, as well as plan for improvement. The order does not repeal a memo issued by Attorney General Ashcroft a month after 9/11 that discouraged free release of information under the FOIA. For more information, see EPIC's Open Government page. (Dec. 14)
  • Court Hears Arguments in Air Travel ID Case. The Ninth Circuit Court of Appeals recently heard arguments in Gilmore v. Gonzales, a case challenging an unpublished federal rule that passengers show ID before boarding commercial airplanes. EPIC filed a "friend of the court" brief (pdf) stating that secret law violates constitutional due process rights. (Dec. 14)
  • EPIC Documents Show FBI "Bypass" of Oversight Office. EPIC held a press conference on Capitol Hill today to release PATRIOT Act documents obtained in EPIC V. DOJ, a Freedom of Information Act lawsuit. The documents included internal e-mails (pdf) and memoranda (part 1 | part 2, both pdf) in which FBI officials expressed frustration that the Office of Intelligence Policy and Review, an internal check on FBI authority, had not approved applications for Section 215 orders, the so-called "library records" provision. A 2004 memo (pdf) refers to "recent changes" allowing the FBI to "bypass" the Office of Intelligence and Policy Review. The FBI is under court order to provide further information to EPIC about the Patriot Act sunset provisions. EPIC's statement on the disclosure and the significance for Patriot Act renewal is available here (pdf). For more information, see EPIC's PATRIOT FOIA page. (Dec. 13)
  • FTC Fines Directv $5.3M for Telemarketing Violations. The Federal Trade Commission today announced an agreement with satellite television provider Directv where the company agreed to pay $5.3 million to settle violations of the Do-Not-Call Telemarketing Registry. Directv was using telemarketing agents to call individuals on the Do-Not-Call Registry, and these agents were "abandoning" calls, that is, initiating a call and hanging up before the consumer can answer. Today's settlement was the largest amount levied against any company for violations of the Do-Not-Call rules. For more information, see EPIC's Telemarketing Page. (Dec. 13)
  • Groups Comment on Parent Locator Database. EPIC was joined by the Privacy Rights Clearinghouse and World Privacy Forum in suggesting accountability and accuracy improvements for government access to "parent locator services." These services, which were first implemented to locate "deadbeat dads," have expanded to include an incredible array of personal information. The comments explain the need for audit logs and for the ability for individuals to correct information in the database. (Dec. 13)
  • EPIC Uncovers Government Documents that Reveal Passport Problems. According to documents (pdf) obtained by EPIC under the Freedom of Information Act, a government report found significant problems with new hi-tech passports. Tests conducted last year revealed that "contactless" RFID passports impede the inspection process. At a meeting of a Privacy Advisory Committee today in Washington, EPIC urged (pdf) the Department of Homeland Security to abandon the use of RFID technology in E-Passports and the US-VISIT program. For more information, see EPIC's RFID and US-VISIT pages. (Dec. 6)
  • EPIC Sues For Data on Tax Record Requests. EPIC has asked (pdf) a federal court to order the Internal Revenue Service to release documents about law enforcement and intelligence requests for taxpayer records since 9/11. EPIC has been seeking the information since July 2004, but the agency has failed to disclose any documents. For more information, see EPIC's IRS page. (Nov. 28)
  • Government Agency Seeks New Power to Track Air, Ship Passengers. The Centers for Disease Control and Prevention has proposed a rule that would greatly expand the powers of the federal government to track travelers. Airline and shipping industries would be required to gather passenger contact and health information, maintain it electronically for at least 60 days, and release it to the CDC within 12 hours of a request. The public has 60 days to comment on this rule. EPIC and Patient Privacy Rights are calling for strong medical privacy protections in an online petition. For more information, see EPIC's Medical Privacy page. (Nov. 23)
  • EPIC: MD and NY Need Credit Freeze. Both the Maryland Attorney General and New York State Legislature are holding forums today concerning "credit freeze." Credit freeze laws allow individuals to restrict the dissemination of their credit report in order to prevent identity theft. EPIC's comments (also available in pdf) explain why individuals cannot rely upon existing protections against identity theft, and need credit freeze to regain control of their personal information. For more information, see EPIC's Identity Theft Page. (Nov. 21)
  • Senators Move to Block PATRIOT Act Renewal. Six senators have spoken out (pdf) against a proposal that would renew parts of the PATRIOT Act slated to lapse at the end of the year. The bipartisan group said that a compromise of House and Senate bills doesn't do enough "to protect innocent people from unnecessary and intrusive government surveillance." The senators declared that if changes to the proposal are not made, they will work to ensure it does not become law. For more information, see the EPIC PATRIOT Act Sunset page. (Nov. 18)
  • Court Orders FBI to Release PATRIOT Act Information to EPIC. A federal judge has ordered (pdf) the FBI to publicly release or account for thousands of pages of information about the government's use of PATRIOT Act powers. EPIC filed a Freedom of Information Act request (pdf) for the documents nearly eight months ago, just as Congress announced it would hold hearings on sunsetting PATRIOT Act powers. The hearings ended in June, and Congress is expected to vote on a finalized PATRIOT renewal bill within days. According to Judge Gladys Kessler, "the record shows that [the FBI's] efforts have been unnecessarily slow and inefficient." For more information, see the EPIC PATRIOT Act FOIA Litigation page. (Nov. 17)
  • Privacy Commissioner: "Drastic Action" Needed to Protect Phone Records. Canadian Privacy Commissioner Jennifer Stoddart has called for "drastic action" to address the problem of the security of phone records, after a reporter obtained both her personal and professional phone logs through a US-based data broker. EPIC identified 40 online data brokers that sell phone records, and has filed complaints at federal agencies to rein in these companies. To protect your records, call your phone companies to place a password on your account, and opt out of the sharing or sale of "CPNI." For more information, see EPIC's page on Protecting Phone Records. (Nov. 16)
  • EPIC Comments on Wiretap Backdoors In response to a proposed rule (pdf) by the Federal Communications Commission, EPIC filed comments (pdf) opposing the expansion of a wiretap law into voice-over-IP communications. The Commission's expansion of the Communications Assistance for Law Enforcement would require developers to build security backdoors for government wiretapping into a wide range of devices and applications, putting privacy and security at risk. For more information, see EPIC's Wiretap page. (Nov. 15)
  • Lawyers Call for Patriot Act Oversight A letter (pdf) from the President of the American Bar Association to Members of Congress considering Patriot Act renewal states that the ABA is "concerned that there is inadequate Congressional oversight of government investigations undertaken pursuant to the Foreign Intelligence Surveillance Act to ensure that such investigations do not violate the First, Fourth, and Fifth Amendments to the Constitution." See ABA Resolution on FISA and EPIC's FISA page for more information. (Nov. 10)
  • EPIC Comments on Privacy of PA Court Records. In comments (also available in pdf) to the Pennsylvania court system, EPIC urged records custodians to protect personal information contained within court records. Court records contain sensitive personal information, including Social Security numbers, and these records increasingly are being used to build dossiers on individuals. Any person may comment on the proposed public access policy until November 17, 2005. For more information, see EPIC's Public Records and Privacy Page. (Nov. 9)
  • Phone Records Need Greater Protection. In reply comments (also available in PDF) to the Federal Communications Commission, EPIC argued that the agency needs to intervene to protect individuals' phone records from online data brokers. The reply comments respond to telephone carriers' arguments that no new security measures are needed, despite the demonstrated ease with which online data brokers can access phone records. For more information, see EPIC's page on Protecting Phone Records. (Nov. 9)
  • Coalition Sets Out Framework for Effective ID Theft Legislation. A coalition of privacy and consumer advocacy groups have set out a framework for effective legislation to address the growing problem of identity theft. The groups recommend strong notification requirements, better consumer control over personal information, limits on the use of the SSN, regulation of commercial data brokers, and protection for good state privacy initiatives. The annual cost of identity theft exceeds $50 billion. (Nov. 9)
  • Medical Records Privacy Important to Americans, Survey Finds. Sixty-seven percent of adults are concerned about the privacy of their personal medical records, according to a poll by the California HealthCare Foundation and the Health Privacy Project. Also, 52 percent fear that their health insurance information might be used by employers to limit job opportunities. Congress is considering a proposal to build a national Health Information Network, does not yet include adequate privacy safeguards. EPIC and Patient Privacy Rights are calling for strong medical privacy protections in an online petition. For more information, see EPIC's pages on Medical Privacy and Medical Privacy Polls. (Nov. 9)
  • Spotlight: Facial Recognition Systems Don't Picture Privacy. This month, Spotlight focuses on facial recognition systems. The Department of Homeland Security has spent millions of dollars on these "smart" cameras that attempt to identify people based on their facial images. However, several tests show the systems are not reliable. Facial recognition systems also create significant privacy risks: the cameras are often hidden and there are no laws to prevent abuse. For more information, see EPIC's Spotlight on Surveillance page. (Nov. 4)
  • EPIC Testifies on Registered Traveler. In testimony before a Congressional Committee on Homeland Security, EPIC Executive Director Marc Rotenberg said the new plan for passenger screening was still fatally flawed (pdf). EPIC warned that the problems with watch list errors have not been resolved, that there are no legal safeguards to prevent misuse, and that "mission creep" is almost certain. EPIC recommended that the program not go forward until these problems are fixed. See EPIC Spotlight on Surveillance and EPIC FOIA Note #8 for more on Registered Traveler. (Nov. 3)
  • Alito Paper on Privacy. EPIC has obtained a copy of the final report (pdf) prepared by Supreme Court nominee Samuel Alito for a 1972 conference on "the Boundaries of Privacy in American Society." The paper proposes far-reaching protections for the right of privacy, and specifically addresses such topics as the use of census data, polygraphs, domestic surveillance, communications privacy, computer security and encryption, consumer protection, and homosexuality. (Nov. 2)
  • EPIC and Patient Privacy Rights Urge Stronger Security for Medical Records. EPIC and Patient Privacy Rights have launched a joint campaign to strengthen protections for patients' medical information. Congress is rushing to pass legislation to establish a national Health Information Network without patient privacy safeguards. Yet a recent poll found that 69 percent of adults do not believe strong enough data security will be installed. In an online petition, EPIC and Patient Privacy Rights call for strong medical privacy protections. For more information, see EPIC's Medical Privacy page. (Oct. 27)
  • EPIC FOIA Documents Show Possible Patriot Act Abuses. Documents (pdf, 3.1 mb) obtained by EPIC under the Freedom of Information Act describe thirteen cases of possible FBI misconduct in intelligence investigations. The documents were released by the Bureau in response to an EPIC open government request (pdf) for information about the FBI's use of provisions of the PATRIOT Act. EPIC has written a letter (pdf) to the Senate Judiciary Committee highlighting the need for the Attorney General to report to Congress on potentially unlawful intelligence investigations. For more information, see EPIC's PATRIOT FOIA Litigation page. (Oct. 24)
  • Georgia Voting ID Law Violates Constitution. A federal court in Rome, Georgia has ruled (pdf) that a recently enacted voter ID law violates the federal Constitution. Enforcement of the law would have required voters to present a state-issued photo ID card in order to vote. The plaintiffs in the case argued that the cost and inconvenience of obtaining such an ID was too much for many poor voters. Georgia has only 58 Department of Driver Services for 159 counties. Earlier this year, EPIC submitted comments (pdf) to the Department of Justice, opposing the Georgia voter ID law. (Oct. 21)
  • Groups Say Wireless Network Should Be Privacy Friendly. In comments to the San Francisco City Government, EPIC joined with ACLU and EFF to urge the City to to respect individuals' privacy when deploying a municipal wireless Internet service later this year. The comments specify that individuals should not be tracked across sessions, and that server logging should be minimized. (Oct. 19)
  • EPIC and Over 100 Groups Seek End to DOD Recruiting Database. The Electronic Privacy Information Center (EPIC) and more than 100 local, state, and national organizations today urged Secretary of Defense Donald Rumsfeld to end the "Joint Advertising and Market Research Studies" Recruiting Database. The groups cited the broad exemptions to federal privacy laws that would allow the Defense Department to disclose personal information to others without an individual's consent or knowledge. The database would include name, date of birth, gender, address, telephone, e-mail address, Social Security Number, ethnicity, high school, education level, college, and intended field of study for more than 30 million Americans who are 16-25 years old. For more information, see EPIC's page on the DOD Recruitment Database. (Oct. 18)
  • EPIC Files Privacy Brief in DNA Dragnet Case. EPIC has filed a "friend of the court" brief in a federal case that raises the question of whether the police may coerce a person to provide a DNA sample. EPIC's brief, which provides detailed information on the many problems with DNA dragnets, argues that very clear guidelines must be established before the police may engage in this practice. Congress is also considering controversial legislation that would expand a national DNA database. See EPIC's Genetic Privacy page and EPIC's Kohler page. (Oct. 12)
  • FDA Urged to Examine Medical Marketing Databases. In comments (also available in pdf) to the Food and Drug Administration's upcoming forum on direct-to-consumer drug advertising, EPIC urged the agency to examine medical marketing databases. Medical marketers sell the personal information of people with cancer and other serious diseases. These databases can be used to target vulnerable groups, and the information collected often is not covered by privacy law. (Oct. 11)
  • Registered Traveler Program Creates Private ID System. "Spotlight on Surveillance" turns to the Registered Traveler air passenger prescreening program run by Verified Identity Pass, Inc. Travelers pay $80 per year and submit personal data, including Social Security numbers, fingerprints, and iris scans, to the company for the privilege of a "fast pass" through airport security. The program may expand beyond airports to office buildings and stadiums. The unregulated system not only contains significant security and privacy flaws, it also creates the risk that people may eventually have to pay for a privatized ID card simply to enter an office building. For more information, see EPIC's Spotlight on Surveillance and Passenger Profiling pages. (Oct. 6)
  • Election Verification Groups Urge Compliance with Federal Voting Laws. In a letter EPIC and eight election verification groups urge that the U.S. Election Assistance Commission fully comply with the Help America Vote Act. The groups object to the commission's decision to delay a mandate that requires a new testing laboratory accreditation process for voting systems. For more information, see EPIC's pages on Voting and Privacy and the National Committee for Voting Integrity project. (Oct. 4)
  • EPIC: US-VISIT ID Plan Still Has Security, Privacy Holes. In comments (pdf) to the Department of Homeland Security, EPIC again urged the agency to abandon a flawed proposal to embed Radio Frequency Identification tags in travel documents. The plan lacks basic privacy and security safeguards, and these costs substantially outweigh the limited timesaving benefits, EPIC said. For more information, see EPIC's US-VISIT and RFID pages. (Oct. 3)
  • EPIC Celebrates International Right to Know Day. International Right to Know Day honors the global effort for openness in government. On this day in 2002, freedom of information organizations from around the world established the Freedom of Information Advocates Network. The coalition, now comprised of more than 90 organizations on four continents, continues to work for the adoption of open government laws throughout the world and the recognition of the right to know as a fundamental human right. View EPIC's press release here, and learn more about Right to Know Day here. (Sept. 28)
  • New EPIC Page Describes "Theme Parks and Privacy." EPIC has developed a new issue page on theme parks and privacy. The page is a single source of information for consumers to learn more about theme parks such as Walt Disney World that use fingerprint scans to control visitor access. In this instance, the unchecked broad adoption of biometrics such as fingerprint scans threatens the privacy rights of adults and children as young as 10 years of age. For more information on related issues, see EPIC's pages on Biometrics, Children and Privacy, and the DOD Recruiting Database. (Sept. 27)
  • EPIC Documents: Travelers Struggle With Watch List Errors. Documents (pdf, 2.2 mb) obtained by EPIC under the Freedom of Information Act reveal nearly a hundred complaints from airline passengers about the government's traveler screening program. The most common complaint from passengers is that they have been wrongly placed on a government watch list. For more information, see EPIC FOIA Note #8. For additional FOIA documents, see EPIC's Watch List FOIA page. (Sept. 27)
  • Transportation Agency Scraps Commercial Data Plans. The Transportation Security Administration has abandoned plans to use information from data aggregators to check airline passengers' backgrounds. TSA made the decision shortly before a working group issued a scathing report (pdf) on the program. Last year, an EPIC FOIA request revealed (pdf) that Axciom proposed to water down federal privacy laws so that it could sell data to the government for traveler screening. For more information, see EPIC's Secure Flight page. (Sept. 23)
  • Public Comment Sought on ICANN WHOIS Proposal. The ICANN is requesting public comments on a new WHOIS policy. Under ICANN's current contracts with the registries and registrars, the WHOIS domain name contact information, which includes names, addresses, telephone numbers and e-mail addresses, must be public. But under many local and national laws the information is private. The Task Force now recommends that registrars who change their WHOIS practices to abide by applicable laws and governmental regulations can still operate as accredited registrars. EPIC and the Non Commercial Users Constituency support this change but also urge a comprehensive review of WHOIS policies to ensure that the personal data of all Internet users is protected. Comments are due October 2. For more information, visit EPIC's WHOIS page. (Sept. 21)
  • Election Report Recommends Voter ID, Paper Trails. The Commission on Federal Election Reform, co-chaired by former President Jimmy Carter and former Secretary of State James A. Baker III, released a new report on the conduct of domestic elections. The Carter-Baker Commission recommended photo IDs for all voters, verifiable paper trails for electronic voting machines, and removing partisan political activity from the administration of elections. Voting reform groups favor the paper trail. But the photo ID requirement conflicts with many civil rights and voting rights laws. EPIC earlier opposed (pdf) Georgia's effort to require all voters to present photo ID to participate in public elections. See EPIC's page on Voting and Privacy. (Sept. 20)
  • Call to Strengthen International Recognition of Privacy and Data Protection as Fundamental Human Rights. Privacy commissioners from around the world called on (pdf) governments and international organizations to establish data protection and privacy as fundamental human rights. They also called for effective safeguards to limit the use of biometric passports and identity cards so that centralized database will not be established. And they urged greater cooperation with NGOs. More information can be found here. (Sept. 19)
  • EPIC Advises Canadian Committee on Identity Theft. In comments (also available in PDF), EPIC advised the Canadian government to assume an aggressive posture against identity theft by requiring consumer reporting agencies to allow individuals to freeze their credit files, and to require heightened authentication to prevent impostors from obtaining credit. EPIC also argued that retailers should notify individuals before they submit derogatory information to a consumer reporting agency, as this is often a signal that identity theft has occurred. (Sept. 15)
  • US-VISIT Will Extend to 104 More Ports of Entry. The Department of Homeland Security today announced that the US-VISIT border security program will add 104 ports of entry, beyond the current 50, by the end of the year. Problems have been found in US-VISIT's database and technology systems, and some errors have led to the improper flagging of crewmembers by government watchlists. This extension comes as the agency is considering a flawed proposal to use Radio Frequency Identification tags for travel documents, and two months after it began to require visitors to submit a full ten-fingerprint set. For more information, visit EPIC's US-VISIT and July Spotlight on Surveillance pages. (Sept. 14)
  • EPIC Urges Senate to Question Judge Roberts on the Future of Privacy. In a letter to the Senate Judiciary Committee, EPIC has asked Senators to explore the views of John Roberts on privacy, "particularly as they may relate to the future of the Fourth Amendment and the role of the Congress in establishing statutory safeguards." The EPIC letter examines John Roberts's views on privacy as a White House counsel, a Supreme Court litigator, and a federal appellate judge. The letter concludes, "The first Justice to join the Supreme Court in the 21st century should have a strong commitment to apply the Constitutional principles and enforce the statutory rights that help safeguard privacy in the modern era." The confirmation hearing will be broadcast on C-Span. (Sept. 11)
  • Spotlight: Database Tracks Foreign Students, Visitors in United States. September's "Spotlight on Surveillance" scrutinizes the Student and Exchange Visitor Information System (SEVIS), a Homeland Security program that monitors and tracks students and exchange visitors at all times. SEVIS is also a part of the controversial US-VISIT program. Through SEVIS, the federal government is accumulating a massive amount of data on foreign students and exchange visitors and their dependents, including biographical, academic, and employment information. The stated goals of SEVIS concern immigration and education, but the database is also available to other federal, local, state, tribal and foreign agencies. For more information, see EPIC's Spotlight on Surveillance and US-VISIT pages. (Sept. 9)
  • EPIC Calls for Government Watch List Accuracy. In comments to the FBI (also available in pdf), EPIC urged the agency to hold off on expanding the Terrorist Screening Center's watch list record system until the Bureau resolves significant privacy issues. EPIC objected to the FBI's proposal to exempt the watch list from legal requirements that require record accuracy. EPIC also said that there are inadequate redress procedures for people who are improperly flagged as watch list matches. (Sept. 7)
  • Government Report: Agencies' Privacy Protections Lacking in Data Mining Projects. A recent Government Accountability Office report (pdf) found that federal agencies are failing to adequately protect privacy rights when using data mining or knowledge discovery tools to find patterns and associations in massive amounts of information. The report said that although most agencies are notifying the public that they are using personal information, few are notifying people about the intended uses of that information. A previous government program that sifted though troves of personal information, the Total Information Awareness project, was shut down amidst privacy and security criticism. For more information, see EPIC's Total Information Awareness page. (Sept. 2)
  • Free Credit Report Site Open to All. The Fair Credit Reporting Act's guarantee of free credit reports takes full effect today, and now residents of all states can gain access to a free copy of their credit report from all three of the big consumer reporting agencies by visiting annualcreditreport.com or by calling 1-877-322-8228. You can monitor your credit free by requesting one of your three credit reports every four months. For more information, see EPIC's Fair Credit Reporting Act page. (Sept. 1)
  • EPIC Petitions FCC to Protect Customers' Info. EPIC has petitioned (also available in pdf) the Federal Communications Commission to initiate a rulemaking to enhance security safeguards for individuals' calling records. The petition follows a complaint concerning the illegal sale of personal information obtained from telephone carriers, and an updated filing (also available in pdf) where EPIC identified 40 websites that openly offer to obtain calling records without the knowledge and consent of the account holder. For more information, see EPIC's IEI Complaint Page. (Aug. 30)
  • Court: FL Drivers Can Recover for Sale of Personal Data. The 11th Circuit Court of Appeals has reversed (pdf) a lower court and held that individuals suing to recover for violations under the Drivers Privacy Protection Act do not need to demonstrate actual harm in order to recover monetary damages. In the case, a Florida man sued Fidelity Bank for obtaining the personal information of 565,000 individuals from the State's motor vehicle databases for junk mail purposes. EPIC's brief in the case argued that monetary damages were necessary in order to deter unaccountable data brokers from obtaining personal information from government coffers. For more information, see EPIC's Drivers Privacy, Kehoe v. Fidelity, and Doe v. Chao Pages. (Aug. 26)
  • EPIC Testifies Before Election Assistance Commission. The U.S. Election Assistance Commission held its third and final public hearing in Denver, Colorado on its proposed Voluntary Voting System Guidelines. EPIC's statement (pdf) focused on the importance of election administration in creating reliable, secure, accessible, transparent, accurate, and auditable public elections. The Commission is nearing the end of a process begun last year, which is intended to replace how voting systems used in public elections are designed. (Aug. 23)
  • FL Committee Recommends Regulation of Data Brokers. Florida's Committee on Privacy and Court Records has issued recommendations to reduce the privacy risks posed by court records. The first recommendation, which passed unanimously, urges the Florida legislature and Congress to comprehensively regulate commercial data brokers. The group also recommended that the courts allow anonymous access to records, and that courts minimize the amount of information they collect from individuals. Many of these positions were recommended by EPIC (pdf) in a submission that showed that Florida's records policies made the State's citizens subject to extraordinary profiling by data brokers such as Choicepoint. For more information, see EPIC's Public Records and Choicepoint pages. (Aug. 18)
  • FTC Ends Experian Bait and Switch. The Federal Trade Commission has settled a complaint against credit reporting agency Experian for offering "free" credit reports that were actually expensive credit monitoring services. The company must change representations on its Web site and disgorge almost $1 million received in the bait and switch scam. EPIC filed a complaint against Experian with the FTC in September 2003, noting that although the company is legally responsible for the accuracy and security of credit reports, Experian was stoking consumers' fears on these issues in order to sell credit monitoring services. Individuals who want their free credit report can obtain it from www.annualcreditreport.com, the site established by Congress to provide three reports per year at no cost to the consumer. For more information, see EPIC's Fair Credit Reporting Act Page. (Aug. 16)
  • Wiretap Case Reversed, Good News for Online Privacy. In a 5-2 decision, a federal appeals court has ruled (pdf) that the interception of e-mail in temporary storage violates the federal wiretap act. The decision reverses an earlier opinion. EPIC joined with other civil liberties groups to support the reversal (pdf). Technical experts submitted a brief (pdf) favoring an interpretation of privacy laws that will protect the confidentiality of electronic communications. See EPIC's Councilman page. (Aug. 12)
  • Spotlight: Unmanned Planes Allow Secret Surveillance of U.S. Civilians. This month's Spotlight on Surveillance shines on unmanned aerial vehicles (UAVs), equipped with cameras and sensors that produce high-resolution imagery and track moving targets. UAVs, which cost $350,000 to $4.5 million each, were designed for military use and have been deployed in Afghanistan and Iraq. Now this military technology could be used by the federal government for aerial surveillance of civilians in the United States. For more information, see EPIC's Spotlight on Surveillance page. (Aug. 8)
  • EPIC Wins ABA Cyberspace Award. EPIC received the American Bar Association Cyberspace Law Excellence Award at the annual ABA Conference in Chicago. The Award recognizes substantial contributions to the development of the law of cyberspace through scholarship, participation in the legislative process, or litigation. EPIC was cited for addressing the challenge of security and privacy "not in the heat of the moment or only in partisan arenas, but deliberately, neutrally, and thoughtfully." The ABA Cyberspace Law Committee said that "EPIC's efforts in this vein have served us all well." (Aug. 6)
  • EPIC: US-VISIT Travel ID Plan is Flawed. In comments (also available in pdf) to the Department of Homeland Security, EPIC has urged the agency to abandon a proposal to use Radio Frequency Identification tags for travel documents. EPIC said the plan lacks basic privacy and security safeguards, and repeats many of the problems with the controversial proposal of the State Department for wireless passports. For more information, see EPIC's US-VISIT and RFID pages. (Aug. 5)
  • Coalition Urges Court to Strike Down National Security Letter Authority. EPIC and a coalition of open government organizations have filed a "friend of the court" brief (pdf) in Gonzales v. Doe, a lawsuit concerning the FBI's authority to issue national security letters without judicial approval and under a permanent gag order that bans the recipient from telling anyone about the demand. An anonymous Internet Service Provider and the ACLU argue that this broad authority violates the First and Fourth Amendments to the Constitution. A federal court found the power unconstitutional last year; the government is challenging the ruling. The coalition's amicus brief argues that the courts must provide meaningful oversight of the government's investigative activity, and that national security letters undermine government accountability. (Aug. 4)
  • Privacy Groups, Senators Oppose Preemption of Anti-Telemarketing Laws. EPIC and 11 consumer advocacy groups urged the Federal Communications Commission not to preempt strong anti-telemarketing laws. Retailers like the Sports Authority, banks, and telemarketers are trying to invalidate all state telemarketing laws, which would lead to a massive increase of unwanted sales calls. Sen. Bill Nelson and nine other senators also filed a letter (pdf) opposing preemption. For more information, see the Indiana Attorney General's Save the Do Not Call List and EPIC Telemarketing Preemption pages. (Jul. 29)
  • EPIC Opposes Georgia Voting ID Requirement. In comments (pdf) to the Department of Justice, EPIC has opposed Georgia's proposal that would require government-issued photo ID to vote in a state or federal election. EPIC said that the Georgia voting photo identification law encroaches on privacy, would discourage voter turnout, and is inconsistent with the federal Help America Vote Act. Under the 1965 Voting Rights Act, Georgia is required to receive Justice Department approval before making any changes to its voting laws. For more information, see EPIC's Voting and Privacy page and the National Committee for Voting Integrity Web site. (Jul. 29)
  • EPIC Testifies on Data Security Legislation. In testimony before the House Commerce Subcommittee on Consumer Protection, EPIC West Coast Director Chris Hoofnagle urged Congress to pass strong data security legislation that includes privacy protections for use of personal information. The hearing concerned bipartisan draft data security legislation that would require companies to give notice to consumers of security breaches. For more information, see EPIC's Choicepoint page. (Jul. 28)
  • EPIC Releases Memorandum on DOD Recruiting Database, Privacy Act Violations. EPIC has drafted a memorandum (pdf) describing the Department of Defense (DOD) recruiting database. The memorandum discusses the sources of the data and the Privacy Act violations in the creation of the database. Of particular concern is the use of commercial data brokers and Social Security Numbers. EPIC concludes with specific recommendations. Pending resolution of these issues, it is the view of EPIC that the use of the database should be immediately suspended. For more information, see EPIC's page on the DOD database. (Jul. 27)
  • Court Rejects Agency's "Sensitive Information" Claim in EPIC FOIA Case. A federal court has held (pdf) that the Department of Homeland Security may not withhold a document sought by the public simply by describing it as "sensitive security information." Though federal agencies "are not required to describe the withheld portions in so much detail that it reveals the sensitive security information itself," the court said they are required to "provide a more adequate description" to explain why material is not made public. EPIC filed a Freedom of Information Act suit to force DHS, TSA and the FBI to release documents detailing the agencies' efforts to obtain airline passenger information. Though the court found that the FBI had conducted an adequate search for documents, and TSA and DHS had properly withheld some material, the court has ordered DHS and TSA to provide more detailed justification for numerous withholdings. (Jul. 26)
  • EPIC Opposes Cybercrime Convention. In a statement to the Committee on Foreign Relations, EPIC has urged the United States Senate to oppose ratification of the Council of Europe Convention on Cybercrime. EPIC cited the sweeping expansion of law enforcement authority, the lack of legal safeguards, and the impact on US Constitutional rights. See EPIC's Cybercrime Convention page. (Jul. 26)
  • Accountability Office: Security Agency Did Not Follow Privacy Law. In a letter to Congress (pdf), the Government Accountability Office has concluded that the Transportation Security Administration violated the Privacy Act when it obtained personal information about airline passengers from commercial data brokers. The agency's public statements about the screening program failed to describe this activity. According to the GAO letter, "the agency did not provide appropriate disclosure about its collection, use and storage of personal information as required by the Privacy Act," and "the public did not receive the full protections" of the law. For more information, see EPIC's Secure Flight page. (Jul. 25)
  • New EPIC Page Describes "Flash Cookies." Because more internet users are "tossing their cookies" in order to avoid being tracked online, one company has proposed to track users through a feature in Macromedia Flash software. "Flash cookies" make it possible for Web sites to track users, even if they delete their normal cookies. EPIC's new Flash Cookies page describes what a Flash cookie is, and how to prevent being tracked by them. (Jul. 21)
  • Changes at Homeland Security Fail to Address Privacy Concerns; New Problems Emerge. Privacy problems remain at the Department of Homeland Security even after Secretary Michael Chertoff's restructuring announcement yesterday. House Democrats have criticized (pdf) the failure to establish broader powers for the Privacy Office even after a complaint from EPIC about the misuse of passenger data and a violation of federal privacy law was not adequately investigated. Chertoff also said that the Department will now require visitors to the United States to provide a complete fingerprint set. The Secretary further announced the appointment of the former General Counsel for the National Security Agency to coordinate agency policy. For more information, see EPIC's US-VISIT and Air Travel Privacy pages. (Jul. 14)
  • EPIC Urges FTC to Investigate Online Data Brokers. In a complaint to the Federal Trade Commission, EPIC urged the agency to investigate online data brokers, companies that promise to sell phone calling records, the identities of people who own private mail boxes, and the identities associated with AOL Screen names, Match.com profiles, and Lavalife profiles. The complaint argues that this information cannot be obtained without violating federal law or regulations. Both the Washington Post and Wall Street Journal have reported on the filing. (Jul. 8)
  • Justice O'Connor Respected Privacy, Defended the States and Government Accountability. Justice Sandra Day O'Connor, often described as a critical swing vote on a closely divided Supreme Court, should also be remembered for her judicial independence. In a series of opinions--concurrences and dissents, as well as decisions on behalf of the Court--she raised concerns about police databases, opposed suspicionless drug testing, defended innovative legislative efforts by the states, and supported open government laws. See EPIC's O'Connor Legacy page. (Jul. 8)
  • Spotlight: US Offers Unfriendly Welcome to Visitors. This month, EPIC turns the Spotlight on to the US-VISIT border security program and finds it is replete with problems-in its technology and databases. The program's fingerprint identification system has resulted in many cases of mistaken identity, and led to the improper flagging of crewmembers by government watchlists. The program will soon test using Radio Frequency Identification (RFID) technology to transmit identifiers to agents; this has been touted as a time-saving measure. However, the small amount of time saved by using RFID is outweighed by the significant security risk of unauthorized parties accessing the data when it is transmitted wirelessly. For more information, see EPIC's Spotlight on Surveillance and US-VISIT pages. (Jul. 5)
  • Senators Specter and Leahy Introduce Comprehensive Privacy Legislation. The leading Republican and Democrat on the Senate Judiciary Committee have introduced the Personal Data and Security Act of 2005. The bill would strengthen penalties for identity theft, create new rights of data access, establish security standards, limit the sale and display of the social security number, and require the government to establish safeguards for personal information held by data brokers. See EPIC's Choicepoint page and Model Privacy Regime for more information. (Jun. 30)
  • Congress Opens Junk Fax Floodgates with New Law. Congress Tuesday passed a bill that would permanently allow an "existing business relationship" exemption for commercial "junk faxes." Under the law, if an individual does business with any company, the company can begin to send the individual junk faxes, even if the individual does not provide the business with a fax number. The law allows direct marketers to troll the Internet, phone books, and advertisements to harvest fax numbers of their customers. The bill sets no time limit for an existing business relationship, unlike the national no-call list, which limits such relationships to those who made a purchase in the past 18 months or an inquiry in the past three months. For more information, see EPIC's Telemarketing and Junk Fax page. (Jun. 29)
  • UK ID Cards Bill Faces Opposition. The United Kingdom government's national ID cards bill yesterday narrowly avoided defeat in Parliament. The scheme is opposed by the British Privacy Commissioner. A recent report warned it could eventually cost more than £20 billion ($36B). The bill now goes to committee, where Labour members seek to narrow a National Identity Register, which could include information such as name, residence, biometric data and personal history of every individual in the UK. For more information, see EPIC's National ID Cards and REAL ID Act page and Privacy International's National ID Cards page. (Jun. 29)
  • EPIC: Justice Department Should Clarify Privacy Obligations of Storing Biological Evidence. EPIC has submitted comments urging the Justice Department to identify and ensure compliance with existing privacy protections when preserving biological evidence during the investigation of a federal crime for which an individual is in prison. Congress has stated, "DNA testing has the capacity not only to identify the perpetrators of crimes but also to exonerate the innocent." EPIC argued that the agency should limit access to material that must be preserved under law to government agencies that will use the material to further this legislative purpose. For more information, see EPIC's Genetic Privacy page. (Jun. 29)
  • Groups to FTC: Kids' Privacy Improving, but Law Needs Enforcement. Consumer privacy groups have filed comments (also available in pdf) to the Federal Trade Commission as part of its review of the Children's Online Privacy Protection Act. The groups argue that COPPA has improved children's privacy online. There is a continuing need to continue to clarify COPPA via enforcement and research into the cutting edge techniques being used to direct websites at children. Further action is still needed to address the privacy concerns raised in the offline market for children's personal information. For more information, see EPIC's page on the Children's Online Privacy Protection Act. (Jun. 29)
  • EPIC: E-mail Users Should Be Able to Opt-Out from List Brokers. In comments to the Federal Trade Commission on the CAN-SPAM Act, EPIC argued that individuals should be able to prevent direct marketing "list brokers" from selling lists containing their e-mail addresses. List brokers sell tens of thousands of lists containing e-mail addresses and other personal information, and are the driving force behind unwanted spam, telemarketing, and junk mail. For more information, see the EPIC Spam and Consumer Profiling pages. (Jun. 27)
  • Recruiting Database Established in Violation of Privacy Act. In a media roundtable Department of Defense officials admitted to consolidating a massive database of student information for recruiting in 2003, however the agency did not list this database in the Federal Register until May 2005. The Privacy Act requires that new systems of records be published in the Federal Register before they become operational. Last week, EPIC urged the agency to scrap the database, as it collected unnecessary information, offered no opt-out rights, and was to be housed at a private-sector direct marketing company. For more information, see EPIC's DOD Recruiting Database Page. (Jun. 27)
  • EPIC Receives Consumer Protection Award. EPIC's West Coast Director, Chris Hoofnagle, has received a 2005 Consumer Excellence Award from Consumer Action. Also recognized was California Assemblymember Judy Chu, for her work to protect immigrants from fraud. Consumer Action is a non-profit organization focusing on consumer education and advocacy in telecommunications and financial services. (Jun. 23)
  • Congresswoman Calls for Hearings on Social Security Disclosure Policy. Congresswoman Carolyn Maloney has recommended (pdf) congressional hearings on the Social Security Administration's "ad hoc" decision to share personal information with law enforcement immediately after 9/11. "I am concerned that the SSA apparently gave no notification to Congress when it decided to change its rules and that there has been no real oversight of the SSA's actions," said Rep. Maloney. Documents (pdf) obtained by EPIC under the Freedom of Information Act show that the agency changed its stringent policy to allow for liberal disclosure of personal information "in connection" with 9/11-related investigations. A subsequent front-page New York Times article reveals that the agency provided personal information about thousands of people to the FBI in terrorism investigations since 9/11. For more information, see EPIC FOIA Note #4. (Jun. 22)
  • EPIC FOIA Documents: US-VISIT Fingerprint Mismatches Produced Watchlist Hits. Freedom of Information Act documents (available in pdf: Part 1 | Part 2) obtained by EPIC from the Department of Homeland Security show that individuals traveling to the United States have experienced problems being "processed" by the United States Visitor and Immigrant Status Indicator Technology (US-VISIT), a border security program that records biographic, biometric and travel information of more than 28 million foreign visitors to the United States each year. Complaints about the program include emails between an airline and the agency about 32 crew members who experienced fingerprint scanning mismatches, which caused them to be improperly flagged by government watchlists. For more information, see EPIC FOIA Note #7 and EPIC's US-VISIT page. (Jun. 22)
  • Groups: DOD Should Scrap Massive Database. In comments to the Department of Defense, EPIC and 8 privacy and consumer groups objected to the creation of a massive database for military recruitment purposes. The database would contain the Social Security Numbers, race, and educational information on up to 25 million people as young as 16 years old. The database would be operated by a commercial data marketing company, and individuals would not be able to opt-out. The groups called upon the Department of Defense to terminate the database program, as the database is fundamentally incompatible with the government's responsibilities under the Privacy Act. For more information, see EPIC's DOD Recruiting Database Page. (Jun. 21)
  • California Financial Privacy Law Limited by Federal Preemption. The Ninth Circuit Court of Appeals has held (pdf) that some portions of California's Financial Information Privacy Act are superceded by the federal Fair Credit Reporting Act. However, the Court did not interpret the law to completely invalidate California's protections, and most of the law remains intact. A federal judge will now decide the precise scope of the California law's protections. EPIC and a coalition of groups representing 41 million individuals argued in a amicus brief that preemption of state law weakens protections against identity theft and consumer privacy. For more information, see EPIC's ABA v. Lockyer, Preemption, and Fair Credit Reporting Act pages. (Jun. 21)
  • Agency Violated Privacy Act Order. The Transportation Security Administration has admitted (pdf) that it collected and maintained detailed commercial data about thousands of travelers in violation of an order issued last year stating it wouldn't do so. The agency continues to store commercial data a contractor purchased, combined with information from airlines, and turned over to the agency on CD-ROMs during the testing of Secure Flight, a passenger prescreening proposal. The Department of Homeland Security Privacy Office announced last week that it is investigating whether the agency violated federal privacy law during the test phase of Secure Flight. For more information, see EPIC's Secure Flight page. (Jun. 21)
  • Senate Explores Voting Technology, EPIC Voting Project Recommends Enhanced Standards. The National Committee for Voting Integrity has submitted comments to the Senate Rules Committee, which held a hearing on Voter Verification in the Federal Elections Process. NCVI said that current voting technology does not meet a standard that can assure voters that votes are recorded and counted as cast. NCVI, a project of EPIC, made recommendations to the Senate on ways to improve transparency, privacy and security of ballots. For more information, see EPIC's page on Voting and Privacy. (Jun. 21)
  • EPIC Joins Amicus Brief in Subscriber List Privacy Case. EPIC joined eight civil liberties organizations to submit a "friend of the court" brief (pdf) in Forensic Advisors v. Matrixx Initiatives, a case before the Maryland Court of Special Appeals in which a pharmaceutical company is attempting to force a newsletter publisher to disclose his subscriber list. The company wants to use the list in connection with a law suit it filed against numerous unidentified people who posted derogatory comments about the company on Internet discussion boards. The brief argues in favor of protecting the list under a Maryland law that protects journalists' sources. It also argues that the list is protected under the First Amendment, since disclosure of the list would deter readership and violate constitutionally established privacy rights. (Jun. 15)
  • Election Agency Proposes Secret Voting Standards. Documents obtained by EPIC under the Freedom of Information Act reveal the complete draft standards for voting technology. The standards, which were developed by a technical committee for the Election Assistance Commission, could determine how votes will be tabulated in future elections. Other documents obtained by EPIC reveal vendor attempts to influence the development of the standards. (Jun. 15)
  • California Soon to Vote on Prohibition of RFIDs in State ID Cards. "Tag and Track" devices, known as RFIDs (Radio Frequency Identification tags), are being considered for use in government documents. The California State Senate will soon vote on The Identity Information Protection Act (pdf), the first legislation in the United States to prohibit the inclusion of RFIDs that can be read remotely without the person's knowledge in state identity documents, such as driver's licenses, student identification badges, and medical cards. See the RFID Action Page. For general information, see EPIC's pages on RFID and Children and RFID Systems. (Jun. 8)
  • EPIC Documents Spark Congressional Inquiry. Based on documents (pdf) obtained by EPIC under the Freedom of Information Act, Congresswoman Carolyn Maloney has asked (pdf) the Social Security Administration to explain its new policy on disclosing personal information to law enforcement officials investigating 9/11. Among other things, Congresswoman Maloney asked the agency to determine whether the "ad hoc" policy complies with the Privacy Act. She is also trying to find out whether the agency has turned over information to law enforcement for purposes unrelated to 9/11. For more information, see EPIC FOIA Note #4. (Jun. 7)
  • Spotlight: Agency's Proposed Strip Search Program Should be Stripped of Funding. This month, Spotlight shines the light on the Transportation Security Administration's proposal to spend $72 million on "backscatter" X-ray machines (pdf) that perform a virtual strip search on all air travelers. The devices provide government screeners with detailed pictures of a passenger's naked body, including nipples and genitalia. The images, which will include those of women and young children, can be saved to disk. Legal experts believe that the use of the device by government agencies could be an impermissible search, under both the US constitution and European privacy law. For more information, see EPIC's Spotlight on Surveillance and Backscatter X-Ray pages. (Jun. 3)
  • New Credit Report Rules Start Today, Southerners Get Free Reports. Today, residents of eleven southern states can gain access to a free copy of their credit report from all three of the big consumer reporting agencies by visiting annualcreditreport.com or by calling 1-877-322-8228. Also today, federal rules take effect that require businesses to securely destroy customer information that is derived from credit reports. EPIC provided detailed comments on both the development of a free credit report site and joined a coalition of group in providing guidance on secure destruction of personal information. For more information, see EPIC's Fair Credit Reporting Act Page. (Jun. 1)
  • Government Report: Federal Agencies' RFID Plans Flawed. In a report (pdf) released last week, the Government Accountability Office found that thirteen government agencies are using or plan to use Radio Frequency Identification tags. However, only one agency identified any legal or privacy issues with the use of the tags, which can be read remotely. The agencies plan to use RFID to track employees' movements and in ID cards. This report comes a month after the State Department reversed plans to include RFID tags in American passports because of security and privacy concerns. For more information, see EPIC's RFID page. (May 31)
  • Senate Committee Fails to Approve Expanded FBI Authority. In a closed meeting yesterday, the Senate Select Committee on Intelligence did not reach consensus on legislation that would reauthorize sunsetting provisions of the USA PATRIOT Act and increase the FBI's investigative powers. EPIC had urged the committee in a statement to carefully consider each sunsetting provision of the USA PATRIOT Act before voting to reauthorize, and not to expand the FBI's investigative powers unless the agency can show a need for more authority. EPIC also joined more than twenty organizations to oppose an expansion of FBI authority that would allow the law enforcement agency to demand records in national security investigations with no judicial approval. For more information, see EPIC's USA PATRIOT Sunset page. (May 27)
  • EPIC Voting Project Urges Privacy Safeguards for Voter Registration Databases. The National Committee for Voting Integrity has submitted comments to the Election Assistance Commission on the proposed creation of centralized statewide voter registration databases. NCVI said that the registration systems must assure voter privacy by adhering to fair information practices, and allow voters to verify information, correct inaccurate information, and be assured that the information provided will not be used for non-voting related purposes. For more information, see EPIC's pages on Voting and Voter Registration Databases. (May 25)
  • DC Metro Adopts Privacy Policy, Improves Public Oversight. The Washington Metro announced today a new privacy policy for the collection and use of SmarTrip data or credit card usage in the Metro system. The policy limits disclosure without prior written authorization from the person. It assures individuals access to their own information and an accounting of disclosures. The Board also approved changes to its Public Access to Records Policy, more closely aligning it with the federal Freedom of Information Act. The changes to that policy establish certain exemptions and time frames for processing requests, provide for judicial review, and exempt individual SmarTrip data from disclosure except in limited instances. EPIC supported the changes. (May 19)
  • PATRIOT Act Renewal Bill Would Expand FBI Powers. Reuters reports that Senate Intelligence Committee Chairman Pat Roberts plans to introduce legislation that would not only reauthorize sunsetting provisions of the USA PATRIOT Act, but also expand the government's investigative powers to permit the FBI to demand health, library, and tax records in intelligence investigations without judicial approval. Today the committee had planned to hold a closed session to vote on whether to send the legislation to the Senate floor. The session was cancelled, but is expected to be held next week. For more information, see EPIC's USA PATRIOT Act Sunset page. (May 19)
  • Forty Groups Oppose Homeland Security's Weak Privacy Rules. The Department of Homeland Security is proposing to exempt a vast database from legal requirements that protect privacy and promote government accountability. The agency's plan leaves individuals without the ability to correct inaccurate information and without protection against possible abuse of the database. In comments filed with the agency, more than forty organizations have opposed the plan. (May 19)
  • DC Metro Tracks Travelers. Documents obtained by EPIC from the Washington Metro Authority reveal that the SmarTrip system collects detailed travel information. The reusable plastic farecard, which includes an embedded RFID chip, tracks each rider's Metro travel and can be linked to address and credit card data. Most records held by state agencies are protected by law, but no similar protections exist for the SmarTrip system. EPIC has urged stronger protections. Washington Metro is expected to adopt a new privacy policy this week. (May 18)
  • EPIC Testifies in House on SSN and Employment Verification. EPIC Executive Director Marc Rotenberg testified (pdf) before the House Judiciary Committee on the "Illegal Immigration Enforcement and Social Security Protection Act of 2005." The bill would require all workers to obtain an SSN card that is machine readable and gives the Department of Homeland Security broad authority to determine employment eligibility. EPIC warned that "new systems of identification will create new risks." The hearing was webcast. (May 12)
  • Congress Passes Controversial ID Bill Without Debate. The Senate yesterday approved the supplemental military spending bill to which the REAL ID Act had been attached. The legislation mandates federal identification standards and requires states DMVs, which have become the targets of identity thieves, to collect sensitive personal information. Legislators in both parties urged debate and more than 600 organizations opposed the legislation. For more information, see EPIC's National ID Cards and REAL ID Act page. (May 11)
  • EPIC Testifies in Senate on ID Theft and Data Broker Industry. EPIC Executive Director Marc Rotenberg testified (pdf) before the Senate Commerce Committee on ID Theft and the Data Broker Industry. EPIC also urged Senate review of the Real ID Act prior to vote. The hearing was webcast. (May 9)
  • Widespread National Opposition to Real ID Act. More than 600 organizations have expressed opposition to the Real ID Act. Only two groups-Coalition for a Secure Driver's License and Numbers USA -support the controversial national ID plan. Organizations such as the American Association of Motor Vehicle Administrators, National Association of Evangelicals, American Library Association, Association for Computing Machinery (pdf), National Council of State Legislatures, American Immigration Lawyers Association (pdf), and National Governors Association are among those against the legislation. The REAL ID Act seeks to impose federal identification standards upon the states and mandate that state DMVs collect sensitive personal information. For more information, see EPIC's National ID Cards and REAL ID Act page. (May 5)
  • Congress May Pass Flawed ID Bill Without a Hearing. Last-minute maneuvering is taking place in Washington as backers of the REAL ID Act seek to attach the controversial proposal to unrelated legislation, hoping to avoid a public hearing on the national ID plan. The REAL ID Act would mandate federal identification standards and require state DMVs to collect sensitive personal information. Republican and Democratic lawmakers in the Senate have urged Senate Majority Leader Bill Frist to allow hearings on the bill and to permit a separate vote on the measure. The bill may go forward even as state motor vehicle agencies have become the target of identity thieves. For more information, see EPIC's National ID Cards page. (May 4)
  • State DMVs Targeted by Identity Thieves. In recent months three state DMVs have been penetrated by identity thieves. In March, burglars rammed a vehicle through a back wall at a DMV near Las Vegas and drove off with files, including Social Security numbers, on about 9,000 people. Last week Florida police arrested 52 people, including 3 DMV examiners, in a scheme that sold more than 2,000 fake driver's licenses. Two weeks ago Maryland police arrested three people, including a DMW worker, in a plot to sell about 150 fake licenses. These criminal schemes come in the wake of a rash of data broker scandals that have compromised the personal information of millions of Americans. For more information, see EPIC's National ID Cards and Choicepoint pages. (May 4)
  • Spotlight: Federal Grants Fund Surveillance Cameras in Nation's Cities. This month, Spotlight on Surveillance turns to the $2 billion that the Department of Homeland Security will provide to state and local governments. Some of this money will be for surveillance cameras that watch people in shopping centers and on public streets, and may even look into homes. Studies have found that such surveillance systems have little impact on crime, and that it is more effective to place officers on the streets and improve lighting in high-crime areas. For more information, see EPIC's Spotlight on Surveillance page and the Observing Surveillance web site. (May 2)
  • EPIC Sues For Data on Use of USA PATRIOT Act Powers. In a complaint (pdf) filed this week, EPIC asked a federal court to force the FBI to disclose information about its use of expanded investigative authority granted by sunsetting provisions of the USA PATRIOT Act. The agency agreed (pdf) to quickly process EPIC's Freedom of Information Act request (pdf) for the data, but has not complied with the timeline for even a standard FOIA request. The lawsuit comes amid numerous congressional hearings reviewing controversial sections of the USA PATRIOT Act. Many of these provisions are slated to expire at the end of the year unless the administration makes the case for renewal. For more information, see EPIC's USA PATRIOT FOIA and Sunset pages. (Apr. 29)
  • Electronic Surveillance at an All-Time High in 2004. According to a new report, state and federal courts authorized 1,710 interceptions in 2004, an increase of 19 percent over 2003 and more than in any previous year. Federal officials made an all-time high 730 intercept applications in 2004, a 26 percent increase over 2003. The Foreign Intelligence Surveillance Act Annual Report (pdf) reveals that there were 1758 applications for secret surveillance in 2004, also an all-time high. In 2004, as in 2003, more secret surveillance warrants were granted than the more stringent federal wiretap warrants. For more information, see EPIC's Wiretap and FISA pages. (Apr. 29)
  • EPIC Participates in Hearing on Voter Registration Databases. EPIC Associate Director Lillie Coney testified before the Election Assistance Commission on privacy safeguards for new voter registration databases. Ms. Coney, who also coordinates the National Committee for Voting Integrity, urged the Commission to examine the risks in the new centralized databases. The hearing was also webcast. For more information, see EPIC's page on Voter Registration Databases. (Apr. 28)
  • State Department Backs Off RFID Passport. The State Department said today it will not go forward with a controversial plan that would have made personal data contained in hi-tech passports vulnerable to unauthorized access. The agency said it will impose new security techniques, require encryption for data transfers, and ensure that passports contain a metallic layer. The announcement comes amid pressure from EPIC, other civil liberties groups, technical experts, and air travellers who said the original proposal was deeply flawed. For more information, see EPIC's RFID page. (Apr. 27)
  • EPIC Urges Scrutiny of Agency's Budget Requests. In a letter (also available in pdf) to a Senate committee reviewing the Transportation Security Administration's proposed budget for Fiscal Year 2006, EPIC urged scrutiny of the agency's programs. EPIC said the agency has a history of secrecy in developing its programs. Recent government reports issued by the Government Accountability Office (pdf) and the Department of Homeland Security Inspector General (pdf) state that there are many questions about the agency's data collection, use, and privacy safeguards in its programs. The agency must answer these questions before more taxpayer money is poured into its programs. For more information, see EPIC's Domestic Spending on Surveillance page. (Apr. 26)
  • Sweeping ID Bill Faces Opposition in the Senate. A bipartisan coalition of senators is urging debate on a bill that would establish a federal mandate for identification standards across the United States. The REAL ID Act would impose technological standards and verification procedures on the states, many of which are beyond the current capacity of the federal government. The bill is opposed by the National Governors Association, the National Conference of State Legislatures, the Council of State Governments, and the American Association of Motor Vehicle Administrators. Sen. Richard Durbin also expressed concern this week REAL ID would repeal earlier legislation that contained "carefully crafted language-bipartisan language-to establish standards for States issuing driver's licenses." For more information, see EPIC's National ID Cards page. (Apr. 22)
  • Controversial State-run Database Closes Down. The Multistate Anti-Terrorism Information Exchange (MATRIX), a three-year-old crime and terrorism database, closed down Friday because its federal funding ran out. MATRIX was run by Florida and LexisNexis subsidiary Seisint, which last week announced a security breach that compromised data on 310,000 Americans. MATRIX drew criticism because the database had detailed files about innocent people, including credit histories and fingerprints. Elements of MATRIX may continue if individual states decide to fund it on their own. For more information, see EPIC's amicus brief in Hiibel v. Nevada describing MATRIX (pdf). (Apr. 18)
  • LexisNexis Breach Compromises Data on 310,000 Americans. Data broker LexisNexis said today that personal information on 310,000 U.S. citizens may have been stolen in a security breach announced last month. At the time, LexisNexis said the breach only affected 32,000 people. LexisNexis said its databases had been fraudulently breached 59 times using stolen passwords, allowing access to addresses, Social Security numbers, and other sensitive information. This is the latest in a recent string of data breach scandals (pdf) that have affected hundreds of thousands in the U.S. In testimony before Congress (pdf) and the California Senate, EPIC has called for the regulation of data brokers because there is too much secrecy and too little accountability in their business practices. For more information, see EPIC's Choicepoint page. (Apr. 12)
  • California Considers Prohibition on RFIDs in State ID Cards. "Tag and Track" devices, known as RFIDs (Radio Frequency Identification tags), are being considered for use in government documents. California State Senator Joe Simitian has introduced "The Identity Information Protection Act" which would prohibit the inclusion of RFIDs that can be read remotely without the person's knowledge in state identity documents, such as driver's licenses, student identification badges, and medical cards. See the RFID Action Page. For general information, see EPIC's pages on RFID and Children and RFID Systems. (Apr. 8)
  • Attorney General Testifies in House on USA PATRIOT Renewal. The House Judiciary Committee heard testimony today from Attorney General Alberto Gonzales on controversial provisions of the USA PATRIOT Act that gave the FBI greater investigatory authority. Many of these provisions will "sunset" at the end of the year unless Congress renews them. Last month, EPIC submitted a Freedom of Information Act request (pdf) to the FBI asking how the agency has used its expanded powers under expiring provisions of the law. EPIC has also posted a new web page on the sunsetting provisions of the USA PATRIOT Act. (Apr. 6)
  • EPIC Presses Agency to Abandon Plans for RFID Passports. EPIC and other civil liberties groups have filed comments (pdf) to urge the State Department to scrap its plans to require RFID passports for all American travelers. The proposal is flawed because the Department lacks legal authority to require RFID travel documents. The State Department has also failed to show the benefits of the passports. Furthermore, it has failed to conduct a meaningful assessment of RFID technology or to consider more reliable technologies. For more information, see EPIC's RFID page. (Apr. 5)
  • Spotlight on Surveillance: Homeland Security's Access Card Less Than Secure. EPIC's Spotlight on Surveillance project this month evaluates the Department of Homeland Security's new employee access card and finds significant security risks. The wireless technologies linked to the card leave employees' personal information vulnerable to access by criminals. Also, the Department further exposes the card by its broad expansion of the card's function to turn it into a payment device, one that would be used several times a day in unsecured locations such as Metro train stations. For more information, see EPIC's Spotlight on Surveillance page. (Apr. 1)
  • EPIC Urges Privacy Safeguards for RFID, Copyright Technology. In comments to the Article 29 Working Group, an association of leading European privacy officials, EPIC has recommended strong safeguards for RFIDs and techniques to track the use of digital works. EPIC's Comments on RFID (pdf) recommend a prohibition on " chipping" people and warn that unencrypted RFID passports pose significant security risks. EPIC's Comments on Digital Rights Management (pdf), submitted in collaboration with the Yale Law School Information Society Project, focus on the intersection of copyright protection and user's privacy. More information at EPIC's RFID page, EPIC's DRM page, and EPIC's VeriChip page. (Apr. 1)
  • EPIC Supports WHOIS Privacy Campaign. EPIC has joined with Go Daddy and others to urge a federal agency to restore the right of Internet users to maintain private web site registrations. In February, the National Telecommunication and Information Administration disallowed private registrations for .US domain names, without a hearing, rulemaking, or public debate. The action undercuts online privacy, puts individuals at risk, and threatens Constitutional values. Take Action: Go to The Danger of No Privacy and sign the petition to restore online privacy. For more information, visit the EPIC WHOIS Page. (Mar. 31)
  • Accountability Office: Secure Flight Has Long Way to Go. The Government Accountability Office has reported (pdf) that the Transportation Security Administration still has many issues to address before the viability of the Secure Flight passenger prescreening program can be determined. The office was unable to assess, among other things, the effectiveness of the system, the accuracy of intelligence data which will determine whether passengers may fly, safeguards to protect passenger privacy, and the adequacy of redress for passengers who are improperly flagged by the program. For more information see EPIC's Secure Flight Page. (Mar. 28)
  • Inspector General Criticizes Agency's Passenger Data Practices. The Department of Homeland Security Inspector General has issued a report (pdf) on the Transportation Security Administration's use and dissemination of airline passenger data. The report states that the agency has been involved in 14 transfers of data involving more the 12 million passenger records. The report finds, among other things, that "TSA did not consistently apply privacy protections in the course of its involvement in airline passenger data transfers," and that TSA has not accurately represented the scope of its passenger data collection and use. For more information, see EPIC's Secure Flight Page. (Mar. 25)
  • Companies Unblock Links to Free Credit Report Site. The major credit reporting agencies have unblocked links to the free credit report site, annualcreditreport.com. In December 2004, EPIC and other groups urged the Federal Trade Commission to order that the links be unblocked. Congressman Barney Frank (D-MA) wrote (pdf) to the credit industry trade group to summarize changes made at the site to make it more consumer friendly. The World Privacy Forum recommends in a report that individuals call to get their free credit report instead of using the web site to avoid privacy-invasive practices of the credit reporting agencies. For more information, see the EPIC Fair Credit Reporting Act Page. (Mar. 21)
  • EPIC Urges Privacy Review of Transportation Biometric ID. In comments filed today, EPIC urged the Transportation Security Administration to delay its test of biometric technology for transportation workers until it conducts a comprehensive Privacy Impact Assessment. The assessment should allow the agency "to ensure protection of the privacy rights of program members." EPIC said that the program must comply with the federal Privacy Act and noted that there are unique problems associated with biometric technologies, including the varying degrees of error, the risk of circumvention, and the likelihood of "mission creep." For more information, see EPIC's Biometrics page. (Mar. 18)
  • Groups Urge FTC to Reevaluate FTC's Position on Choicepoint. EPIC and a coalition of privacy and consumer groups urged (pdf) Federal Trade Commission Chair Majoras to reevaluate the agency's position on commercial data brokers, as it was "very much in line with the views of the companies testifying before Congress, which had leaked or sold data to criminals, but was very far from the views expressed by consumer and privacy groups." The groups noted that the FTC itself contributed to current information privacy problems by approving self-regulatory principles authored by companies like Choicepoint and by allowing the sale of "credit headers" without privacy protections. The groups have called upon the FTC to "correct these extraordinary policy blunders and urge the application and enforcement of Fair Information Practices (FIPs) to the commercial data broker industry..." For more information, see EPIC's Choicepoint Page. (Mar. 17)
  • EPIC Introduces EPIC FOIA Notes, 2005 FOIA Gallery. In celebration of Freedom of Information Day, EPIC has launched EPIC FOIA Notes, a newsletter that will deliver the latest revelations EPIC obtains through the FOIA. You can view the first EPIC FOIA Note-which reports formerly classified documents showing that Choicepoint assured the FBI it could verify legitimate businesses-and subscribe to the newsletter here. EPIC is also proud to introduce its 2005 FOIA Gallery, which contains highlights and scanned images of some of EPIC's FOIA disclosures from the past year. (Mar. 16)
  • EPIC Testifies in Congress, Calls for Regulation of Choicepoint. EPIC Executive Director Marc Rotenberg urged (pdf) lawmakers to regulate Choicepoint and other data brokers in testimony today before a House subcommittee on consumer protection. Rotenberg testified that there is too much secrecy and too little accountability in the business dealings of data brokers, and the Choicepoint debacle underscores the need for federal regulation of the information broker industry. Choicepoint recently admitted (pdf) that it had sold personal information on 145,000 people to a criminal ring involved in identity theft. For more information, visit EPIC's Choicepoint page. (Mar. 15)
  • Madrid Agenda Honors Victims of 11-M, Urges Democratic Response to Terrorist Threat. The International Summit on Democracy, Terrorism, and Security concluded with the release of the Madrid Agenda. The statement is "an agenda for action for Governments, institutions, civil society, the media and individuals. A global democratic response to the global threat of terrorism." At the closing plenary UN Secretary General Kofi Annan urged governments to safeguard human rights and the rule of law. A special session on Democracy, Terrorism and the Internet issued a declaration The Infrastructure of Democracy (Spanish) that urged governments to understand that an open Internet, like democratic government, provides the best response to future acts of terrorism. The Varsavsky Foundation helped organize the event and supported civil society participation. (Mar. 14)
  • Senators Propose Bipartisan Bill to Study FOIA Processing Delays. Senators John Cornyn (R-TX) and Patrick Leahy (D-VT) have introduced the Faster FOIA Act (pdf), legislation that will create a sixteen-member advisory commission tasked with suggesting ways to decrease delays in the processing of Freedom of Information Act requests. The bill is the second proposed by the Senators in three weeks to improve the Freedom of Information Act. The Senate Judiciary Committee's Subcommittee on Terrorism, Technology and Homeland Security will hold a hearing on the OPEN Government Act on March 15. For more information, see EPIC's Open Government Page. (Mar. 11)
  • Transportation Dept. Upholds Dismissal of EPIC's Claims Against Northwest. The Department of Transportation has affirmed (pdf) its dismissal of EPIC's complaint against Northwest Airlines, concluding that "an enforcement action is not in the public interest." EPIC had argued that the airline violated its privacy policy by disclosing millions of passenger records to NASA for use in a data mining study, thus committing an unfair and deceptive trade practice. For more information, see EPIC's page on the Northwest Airlines disclosure. (Mar. 11)
  • Choicepoint Self-Regulation Fails; Proposal Made to Provide Privacy, Accountability. Years ago, Choicepoint agreed to a set of self-regulatory principles to avoid privacy regulation created by the industry-supported Individual References Services Group (IRSG). The principles offered little real privacy (pdf) as Choicepoint opted out from giving people the right to control their data. Professor Dan Solove and Chris Hoofnagle have proposed a framework for addressing commercial data brokers as the Senate Banking Committee begins hearings to discuss Choicepoint. For more information, see EPIC's Choicepoint Page. (Mar. 9)
  • 32,000 Americans at Risk After Data Broker's Security Breach. Data broker LexisNexis announced today that its subsidiary, Seisint, may have allowed criminals to access sensitive information on 32,000 U.S. citizens, including names, addresses, Social Security and driver's license numbers. Seisint is also responsible for the Multistate Anti-Terrorism Information Exchange Program (MATRIX), a controversial law enforcement data mining program that has floundered in recent months due in part to privacy concerns. Seisint's security breach comes just weeks after it was revealed (pdf) that data broker Choicepoint sold data on 145,000 people to a criminal ring engaged in identity theft, and Bank of America announced that data tapes containing personal information on 1.2 million federal employees were either stolen or lost in late December. For more information, see EPIC's Financial Privacy Page and Choicepoint Page. (Mar. 9)
  • EPIC Launches "Spotlight on Surveillance" Project. The U.S. Customs and Border Protection agency wants $51.3 million in Fiscal Year 2006 for its America's Shield Initiative, which uses video and sensor surveillance technology to watch over America's borders in cities such as San Diego, Calif., and Detroit, Mich. But EPIC's Spotlight on Surveillance Project highlights substantial problems with America's Shield - most significantly, the program's sensor equipment cannot distinguish between humans and animals. This increase in spending on surveillance and monitoring systems has not helped the agency's bottom line. In 2000, the agency made 1.6 million apprehensions; every year since then the number has steadily fallen to half that. For more information, see EPIC 's Spotlight on Surveillance page. (Mar. 7)
  • EPIC Report: FTC's Market Approach Has Failed to Protect Consumer Privacy. In conjunction with the opening of EPIC's first satellite office in San Francisco, California, EPIC has released a policy report arguing that self-regulation has failed to meaningfully address consumer privacy. New technologies and invasive practices from the online world are finding their way into the offline world and have dragged down the practices of ordinary retailers. This paper argues that the FTC and Congress should reevaluate their commitment to market approaches, and empower consumers with privacy law that incorporates Fair Information Practices. (Mar. 3)
  • Choicepoint Also Sold Personal Data to Identity Thieves in 2002. The Los Angeles Times reported that Choicepoint, which recently admitted (pdf) it had sold personal information on 145,000 Americans to identity thieves, also sold such information on at least 7,000 people to identity thieves in 2002. Last week, EPIC urged the data broker to make available to the recent victims the information that was sold to the crime ring. Choicepoint has not yet disclosed this information. In its latest letter (pdf) to the victims, Choicepoint merely states that information such as "name, address or Social Security number" may have been accessed by the criminals. For more information, see EPIC's Choicepoint page. (Mar. 3)
  • EPIC Urges Scrutiny of Proposed Federal Profiling Agency. In a letter (pdf) to a House subcommittee, EPIC urged careful scrutiny of the Department of Homeland Security's proposed Office of Screening Coordination and Operations. This office would oversee vast databases of digital fingerprints and photographs, eye scans and personal information from millions of American citizens and lawful foreign visitors. Homeland Security has announced that the office's operations would be conducted in a manner that safeguards civil liberties, but the agency has not yet explained how it proposes to protect privacy rights or ensure accountability. For more information, visit EPIC's U.S. Domestic Spending on Surveillance Page. (Mar. 1)
  • EPIC Comments on Voter Registration Problems. EPIC has responded to the U.S. Election Assistance Commission's request for comments on a state survey of voter registration in 2004. The comments point out transparency and privacy problems associated with voter registration administration during last year's election. For more information, see EPIC's new page on Statewide Centralized Voter Registration Databases. (Mar. 1)
  • Tapes with Bank Data on 1.2 Million Federal Workers Likely Stolen. Bank of America announced that computer data tapes containing personal information on 1.2 million federal employees were lost in late December when they were shipped to a data center. However, Sen. Charles E. Schumer (D-NY) said he was told in a briefing that the tapes likely were stolen off of a commercial plane by baggage handlers. The data on the tapes includes Social Security Numbers, addresses, and financial information. The bank is sending letters to those affected and has set up a toll-free number for them. This incident comes two weeks after it was revealed that data broker Choicepoint sold data on 145,000 people to a criminal ring engaged in identity theft. For more information, see EPIC's Financial Privacy Page and Choicepoint Page. (Feb. 28)
  • EPIC Opposes Sharp Increase in Agency's Surveillance Spending. in a letter (pdf) to a Senate oversight committee, EPIC strongly opposed a significant increase in federal funding for the Transportation Security Administration's surveillance programs. EPIC's letter pointed out that the agency has repeatedly failed to meet its legal obligations for openness and transparency in the development of aviation security and worker credentialing programs. The letter also noted that EPIC has obtained documents under the Freedom of Information Act demonstrating that the agency has shown a proclivity for using personal information for purposes other than the ones for which the information was gathered or volunteered. For more information about the proposed Fiscal Year 2006 budget, see EPIC's U.S. Domestic Spending on Surveillance Page . (Feb. 28)
  • Accountability Office Weighs In on US-VISIT. The Government Accountability Office has released a report (pdf) on the status of Department of Homeland Security's US-VISIT program. The report concluded that DHS has made some progress satisfying requirements set by Congress, but much remains to be done. Among other things, the office found that the agency has not conducted a security risk assessment for the program, and has no anticipated date for completing one. Furthermore, the GAO noted that the most recent privacy impact assessment for US-VISIT does not fully comply with the Office of Management and Budget's guidance for performing such evaluations. For more information, see EPIC's US-VISIT Page. (Feb. 25)
  • Report Issued on Secure Flight Commercial Data Test. The Government Accountability Office has released a report (pdf) on measures for testing the use of commercial data within Secure Flight, the passenger prescreening program currently being developed by the Transportation Security Administration. The report concluded that the agency has developed preliminary measures for concept testing, but further review is needed to determine whether the measures will be effective for actual use in Secure Flight. For more information, see EPIC's Passenger Profiling Page. (Feb. 25)
  • UPDATE - EPIC Urges Choicepoint to Give Victims Access to Records, Turn Over Profits From Bogus Sales. In a letter to the Choicepoint CEO, EPIC today urged the company to "make available to the 145,000 people the information that was sold by your company last fall to the crime ring." EPIC also urged Choicepoint to "disgorge the funds that you obtained from the sale of the data and make these funds available to the individuals who will suffer from identity theft as a result of this disclosure." EPIC concluded that "your recent security breach demonstrates the profound importance of having the Choicepoint AutoTrackXP and Customer Identification Programs databases regulated by the Fair Credit Reporting Act." More information at the EPIC Choicepoint Page. (Feb. 19)
  • Senate Unanimously Passes Genetic Nondiscrimination Bill. The U.S. Senate unanimously passed the Genetic Information Nondiscrimination Act of 2005, which prohibits employers from using genetic information in employment decisions and insurance companies from denying coverage or basing premium rates on that information. The bill also establishes privacy protections for genetic information held by employers, employment agencies, labor organizations, and others. Last year, a similar bill passed in the Senate but died in the House. For more information, see EPIC's Genetic Privacy Page. (Feb. 18)
  • Choicepoint Snafu Widens. Commercial data broker Choicepoint has wrongfully disclosed information on more than 145,000 Americans. The warning letters sent by the company to California residents indicate that individuals are subject to a heightened risk of identity theft. In December 2004, EPIC urged the Federal Trade Commission to initiate an investigation of Choicepoint and the data broker industry under the Fair Credit Reporting Act. News of the breach has sparked calls to extend the California notice law to all states and for credit freeze legislation. For more information, see EPIC's Choicepoint Page and the California Office of Privacy Protection. (Feb. 16)
  • California School Drops RFID Tracking Program. Brittan Elementary School in Sutter, CA, has abandoned an experimental RFID program after InCom, the company which developed the technology, pulled out of its agreement with the school. Last week, EPIC, along with the Electronic Frontier Foundation and ACLU-Northern California, urged the Brittan School Board in a joint letter (pdf) to terminate the program that used mandatory ID badges to track children's movements in and around the school with RFID technology. The letter argued that the program breached children's right to privacy and dignity by treating them like cattle or pieces of inventory. For more information, see the press release and EPIC Children and RFID Systems Page. (Feb. 16)
  • Bipartisan Bill Introduced to Enhance Open Government. Senators John Cornyn (R-TX) and Pat Leahy (D-VT) have introduced the OPEN Government Act (pdf), a bill that will improve government accountability by strengthening federal laws such as the Freedom of Information Act. EPIC is among the many groups supporting this legislation to encourage access to the federal government. For more information, see EPIC's Open Government Page. (Feb. 16)
  • EPIC Comments on Metro's Public Access to Records Policy. EPIC has submitted comments on the Washington Metropolitan Area Transit Authority's new Public Access to Records Policy. By incorporating provisions of the federal Freedom of Information Act into the policy, Metro has made a step in the right direction to better protect the privacy of its riders, while allowing the public and the media to get improved access to information, and provides information requesters with a right of administrative appeal and judicial review to challenge denials. However, a few provisions of the new policy may allow Metro to deny information access requests for illegitimate reasons, thereby precluding adequate public oversight over its activities, and preventing meaningful accountability. (Feb. 15)
  • Criminals Gain Access to Choicepoint Databases. Bob Sullivan has reported that commercial data broker Choicepoint issued notices to over 30,000 California residents that their personal information may have been accessed by criminals with access to the Choicepoint's information products. Individuals outside California may have been affected too, but the company is not obligated to disclose security breaches to residents of other states. As recently as two weeks ago, EPIC again warned the Federal Trade Commission about unjustified access to commercial databases and questioned the adequacy of Choicepoint's auditing procedures. For more information, see EPIC's Choicepoint Page. (Feb. 15)
  • EPIC Comments on Federal Employee Privacy. EPIC has submitted comments (pdf) to the National Institute of Science and Technology (NIST) on "Special Publication 800-73" (pdf) titled "Interfaces for Personal Identity Verification," to warn of the potential to do more harm than good if important considerations like federal employee privacy and third party use of a broadly used federal employment ID are not taken into consideration during the development phase. Last month EPIC testified (pdf) at a hearing held by NIST and the Office of Management and Budget, that the proposed Personal Identity Verification (pdf) for Federal employees and contractors does not take privacy protections into account. For more information on workplace privacy, see the EPIC Workplace Privacy Page. (Feb. 14)
  • EPIC Submits Comments to FTC Regarding Children's Online Activity. EPIC has submitted comments (pdf) to the Federal Trade Commission on its proposal to weaken the Children's Online Privacy Protection Act's parental notice requirements. EPIC challenged the underlying assumptions presented by the FTC in its proposal to make permanent the "Sliding Scale 2005" which addresses parental communications regarding their children's online activity. For more information see EPIC's Children's Online Privacy Protection Act page. (Feb. 14)
  • US Government Agency Directs .us to Discontinue Anonymous Domain Registration. The US Department of Commerce National Telecommunications and Information Administration (NTIA) has directed Neustar, the company that runs .us, to prohibit anonymous or proxy domain registrations. This direction by the NTIA is intended to create complete and accurate data in the WHOIS database. What this does, however, is ensure that registrants' data including such personal information as address and phone number will be made publicly and anonymously accessible to anyone online including spammers and marketers. For more information, see the EPIC WHOIS Page. (Feb. 11)
  • Federal Budget Ups Surveillance Spending. President Bush's proposed $2.57 trillion federal budget for fiscal year 2006 greatly increases the amount of money spent on surveillance technology while cutting about 150 programs, many from the departments of health, education, farming, housing and the environment. The Department of Homeland Security wants $847 million to create the Office of Screening Coordination and Operations, which would oversee vast databases of digital fingerprints and photographs, eye scans and personal information from millions of Americans and foreigners. The National Science Foundation would receive $5.6 billion, which includes a 2.4 percent increase in research funding, but a decrease in its education budget. This continues a dramatic shift in the research priorities of the traditional science organizations. For more information, see the EPIC Federal Spending on Surveillance Page. (Feb. 9)
  • EPIC Urges Stop to RFID Tracking Scheme for School Children. EPIC, along with EFF and the ACLU-Northern California, urged the Brittan School Board in a joint letter to terminate an experimental program using mandatory ID badges tracking children's movements in and around the school with RFID technology. The letter (pdf) argues that the program breaches children's right to privacy and dignity as human beings by treating them like cattle or a piece of inventory, and that the RFID badges jeopardize the safety and security of students by broadcasting their identity and location information to anyone with a chip reader. For more information, see the EPIC Children and RFID Systems Page. (Feb. 8)
  • Homeland Security Publishes Privacy Report. The Department of Homeland Security has published its first annual report to Congress (pdf 2.1 MB) detailing the office's activities from April 2003 to June 2004. The report describes privacy policy development, outreach, and other initiatives, but fails to address the adequacy of the Privacy Office's authority to investigate privacy breaches. For example, the Privacy Office has not reported the extent to which the agency has obtained passenger record data from airlines since 9/11. For more information, see the EPIC Passenger Profiling Page. (Feb. 2)
  • Security Flaws Revealed in RFID Enabled Products. Students at Johns Hopkins University have discovered serious security flaws in the Radio Frequency Identification (RFID) chips which are used to protect cars from theft and prevent fraudulent use of Speedpass keys. The research shows that even RFID systems considered to be secure remain vulnerable, which only highlights the need to prioritize analysis of privacy and security prior to implementation of RFID technology. The potential for exploitation of the security deficiencies serves as a warning to all industries and governments that would hastily assemble RFID enabled systems in order to identify and/or track people as they cross borders. For more information, see the EPIC RFID Page. (Feb. 1)
  • EPIC Supplements Data Broker Filings. In a follow up letter to the Federal Trade Commission, EPIC supplemented earlier filings that requested that the agency investigate commercial data brokers for compliance with the Fair Credit Reporting Act. The letter points to recent news reporting that characterizes commercial data broker Choicepoint as a "private intelligence service" and a recent television broadcast showing private investigators using a commercial data broker without legal justification. For more information, see the EPIC Choicepoint and Fair Credit Reporting Act Pages. (Feb. 1)
  • EPIC Questions Secrecy of TSA Privacy Advisory Group. In a letter (pdf) to the Transportation Security Administration's privacy officer, EPIC has asked why the Secure Flight Privacy/IT Working Group is not being operated in accordance with federal law intended to ensure transparency of government advisory committees. "EPIC has urged TSA, since the earliest days of its existence, to develop aviation security policies and initiatives in an open and public manner," EPIC stated. "Given the clear privacy implications of the Secure Flight program . . . and the obvious public concern surrounding a system that will conduct background checks on tens of millions of citizens, we belive it is critical that any assessments of Secure Flight be made in an open manner." For more information, see EPIC's Passenger Profiling Page. (Jan. 31)
  • Acxiom Tried to Dilute Privacy Laws. EPIC has obtained documents (pdf 500k) under the Freedom of Information Act showing that commercial data broker Acxiom lobbied to water down key federal privacy laws immediately after the September 11, 2001 terrorist attacks. Acxiom sought broader access to "credit headers" and drivers information in order to develop a system for "identity and information verification that can be used by organizations such as airlines, airports, cruise ships, and large buildings and other applications to better determine whether a person is actually who they say they are." For more information, see EPIC's Drivers' Privacy and Financial Privacy Resources Pages. (Jan. 26)
  • Nation's Capital Under Unprecedented Surveillance. With the inauguration of President Bush this week, Washington, DC has become a city under technological siege. EPIC has documented the growing expansion of video surveillance in Washington though the Observing Surveillance project. EPIC has also obtained documentary evidence that surveillance equipment is directed toward activists and political protesters. EPIC has urged the DC City Council to establish privacy safeguards for residents, tourists, and employees in the US capital. (Jan. 20)
  • EPIC FOIA Suit Reveals FBI Kept Millions of Passenger Records. EPIC has learned through Freedom of Information Act litigation that the FBI obtained 257.5 million Passenger Name Records following 9/11, and that the Bureau has permanently incorporated the travel details of tens of millions of innocent people into its law enforcement databases. The FBI made the revelation as it explained (pdf) why it made heavy redactions in documents (pdf) it released to EPIC in September. For more information, see EPIC's Passenger Profiling Page. (Jan. 14)
  • EPIC Obtains FBI Reports to Congress on Carnivore. Through the Freedom of Information Act, EPIC has obtained FBI reports to Congress stating that the agency did not use its DCS 1000 Internet monitoring system -- formerly known as Carnivore -- during fiscal years 2002 (pdf) and 2003 (pdf). According to the reports, the FBI used commercially available software to conduct court-ordered surveillance thirteen times during the two-year period. The reports suggest that the FBI's need for Carnivore-like Internet surveillance tools is decreasing, likely because ISPs are providing Internet traffic information directly to the government. Fore more information see EPIC's Carnivore Page. (Jan. 14)
  • EPIC Presents Privacy Year in Review, Issues to Watch. The USA PATRIOT Act. California's privacy reforms. Data outsourcing. National ID. Internet privacy. EPIC's Special Alert reviews the top privacy stories of 2004 and shows you the trends to keep an eye on in 2005. (Jan. 12)
  • EPIC Proposes New Framework for Regulation of RFID in Health Care Settings. In a presentation today to a committee of the Department of Health and Human Services, EPIC Executive Director Marc Rotenberg recommended the establishment of a new Four Tier Framework for RFID Regulation for medical information. The framework builds on EPIC's earlier Guidelines for RFID Technology. EPIC said that privacy rules should apply to most RFID applications and that additional safeguards will be necessary given RFID's unique tracking capabilities. EPIC proposed no privacy restrictions on the use of RFIDs in bulk products not associated with specific patients, but urged the prohibition of RFID implants. For more information, see the EPIC RFID page. (Jan. 11)
  • Coalition Opposes Telemarketing Loophole. EPIC, joined by a coalition of consumer and privacy groups, filed comments today with the Federal Trade Commission and Federal Communications Commission urging the agencies not to create a loophole for prerecorded established business relationship telemarketing. If the loophole is adopted, businesses could send prerecorded messages to their customers, even if they are on the Do-Not-Call Registry. Senators Bill Nelson (D-FL) and Diane Feinstein (D-CA) have also objected (PDF) to the proposed loophole. For more information, see the EPIC Telemarketing Page. (Jan. 10)
  • Police Collect DNA From Cape Cod Town's Male Residents. Police in Truro, Massachusetts are seeking DNA samples from the town's 800 male residents for a murder investigation that has remained unsolved for three years. Police say that giving a DNA sample is voluntary, but that those who refuse may have "something to hide." It is unclear whether the samples will be destroyed when, or if, the crime is solved. For more information, see EPIC's Genetic Privacy Page. (Jan. 10)
  • EPIC Challenges Choicepoint to Public Hearings on Consumer Privacy. EPIC has called for hearings in Congress and before the Federal Trade Commission on the need for new privacy protections for American consumers. In a December 16, 2004 complaint to Federal Trade Commission, EPIC urged the Commission to determine whether Choicepoint, a large information broker, complies with federal privacy law and also whether it will be necessary to update the laws. Choicepoint disputed EPIC's charges but said it favored a national debate. Let the debate begin. More information at EPIC's Choicepoint and FCRA Pages. (Jan. 5)
  • US-VISIT Expands to 50 Busiest Land Ports. The Department of Homeland Security has extended the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) to the 50 busiest land border points of entry into the United States. The agency intends to expand the program, which is also operational at 115 airports and 15 sea ports, to all land points of entry by the end of this year. To date, more than 16.9 million foreign travelers to the U.S. have been "processed" through the program. For more information, see EPIC's US-VISIT Page. (Jan. 5)