Focusing public attention on emerging privacy and civil liberties issues

Previous Top News 2006

  • Homeland Security Extends Comment Period on Citizen Profiling System. The Department of Homeland Security has extended until Friday, December 29 the deadline for public comments for the "Automated Targeting System," a federal database that creates secret, terrorist ratings on tens of millions of American citizens. EPIC, 29 organizations and 16 privacy and technology experts filed comments (pdf) urging the agency to suspend the program and to fully enforce Privacy Act obligations. Rep. Bennie Thompson (D-MS) said that "serious concerns have arisen that, with respect to U.S. citizens and possibly lawful permanent aliens, some elements of ATS as practiced may constitute violations of privacy or civil rights." The problems of the Automated Targeting System are described in the current EPIC Spotlight on Surveillance. The public may submit comments here (docket = DHS-2006-0060). (Dec. 8)
  • Coalition, Experts Urge End to Government Database that Assigns Terrorist Ratings to US Citizens. In comments filed with the Department of Homeland Security on Monday, a coalition of organizations and experts in technology and privacy urged the federal agency to curtail the "Automated Targeting System" , a federal database that creates secret, terrorist ratings on tens of millions of American citizens. The problems of the Automated Targeting System are described in the current EPIC Spotlight on Surveillance "Customs and Border Protection's Automated System Targets U.S. Citizens." (Dec. 4)
  • Federal Appeals Court Finds that Police Lacked Probable Cause for DNA Warrant. In a challenge to a dragnet search in which the DNA samples of more than 600 individuals were collected by the Baton Rouge police department, the Fifth Circuit Court of Appeals has reversed a lower court and held that the DNA search warrant lacked probable cause. The Court rejected the government's claim that it should consider a vague FBI profile to support the warrant application. EPIC submitted a "friend of the court" brief pdf arguing that warrantless, suspicionless DNA dragnets are unconstitutional and ineffective. For more information, see EPIC's pages on Kohler v. Englade and Genetic Privacy. (Nov. 21)
  • Warrantless DNA Collection Unconstitutional, Says Minnesota Appeals Court. The Minnesota Court of Appeals has struck down a state law authorizing the warrantless, automatic collection of DNA samples from people charged with but not convicted of crimes, calling the law unconstitutional. "[T]he privacy interest of a person who has been charged but not convicted is not outweighed by the state's interest in collecting and analyzing a DNA sample," the court said. The Minnesota case is similar to a case under review in the Fifth Circuit, Kohler v. Englade, in which EPIC submitted a "friend of the court" brief (pdf) arguing that warrantless, suspicionless DNA dragnets are unconstitutional and ineffective. For more information, see EPIC's pages on Kohler v. Englade and Genetic Privacy. (Nov. 21)
  • Homeland Security Releases Overdue Privacy Report. The Department of Homeland Security finally released the Privacy Office Annual Report to Congress. The Department is required by law to provide the report each year "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters," but the report was more than a year overdue. Earlier this year, EPIC wrote to the Department of Homeland Security to urge the release of the report. Then President Bush issued a statement in which he said the"executive branch shall construe section 522 of the Act, relating to privacy officer reports, in a manner consistent with the President's constitutional authority to supervise the unitary executive branch." The White House influence on federal privacy policy can be found in Section V of the agency's report. More information at the EPIC page "Privacy Report Held Hostage." (Nov. 20)
  • Police Shoot UCLA Student with Taser For Failure to Show ID.An Iranian student at UCLA, who was quietly studying in the campus library, was detained by the police and shot several times with a police taser when he failed to provide an identity document. A YouTube video shows the entire incident. According to an Amnesty International report, the use police use of tasers has resulted in several deaths. The Council on American-Islamic Relations called for an independent investigation of the UCLA Muslim Student Taser Incident. For more information, see EPIC REAL ID Page (Nov. 16)
  • EPIC Files Brief Urging Supreme Court to Review Secret Law. EPIC joined with other organizations today in urging the Supreme Court to review Gilmore v. Gonzales. The case concerns a secret rule that allows airport personnel to require travelers in the United States to produce identification. EPIC's brief said that the secret agency rule "offends the Constitution and implicates the rights of millions of American travelers who are presently subject to arbitrary and unaccountable governmental authority." (Nov. 14)
  • PI Publishes Country Privacy Rankings. A new report from Privacy International ranked the state of privacy protection in 37 countries around the world. The survey was based on the EPIC/PI 2005 Privacy and Human Rights report and found wide disparities in the levels of privacy protection and enforcement (graphic). Germany and Canada placed at the top; the UK, Malaysia, and China were at the bottom. Privacy and Human Rights is available for sale at the EPIC Bookstore. (Nov. 2)
  • Privacy Commissioners Meet in London. Privacy officials, legal scholars, and NGOs from around the world gathered in London for the 28th annual International Data Protection and Privacy Commissioners' Conference. A report on the Surveillance Society was presented. The Privacy Commissioners issued a resolution, expressing concern about the rapid growth of surveillance. The 2007 conference "Privacy Horizons: Terra Incognita" will be be held in Montreal. (Nov. 1)
  • Microsoft Announces New Identity Management System. Microsoft has announced an "identity metasystem" that allows a user to create multiple virtual ID cards. The approach appears preferable to the earlier Microsoft Passport identity system. In 2001 EPIC and a coalition of consumer groups filed a complaint with the Federal Trade Commission alleging that the the Passport system violated Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in trade. In August 2002, the FTC agreed with EPIC that Passport was flawed and settled with Microsoft. As part of the settlement, Microsoft agreed to implement a comprehensive information security program for Passport and similar services. More information at EPIC Microsoft Passport Investigation Page. (Oct. 31)
  • NCVI Announces Recommendations for E-voting Systems. The National Committee for Voting Integrity has prepared recommendations to assist voters and election administrators. The guidance was prepared with the assistance of the Brennan Center for Justice and addresses the use of electronic voting systems in the upcoming national elections. NCVI and the Brennan Center warn that the recent implementation of electronic voting systems will make ensuring that all votes are accurately counted a difficult and challenging task. It is estimated that 80% of all voters will use either Optical-Scan or direct recording electronic (DRE) voting systems during this years election. For more information, see EPIC's Page on Voting Privacy. (Oct. 30)
  • European Commission: More Privacy Safeguards for RFID. The European Commission is calling for stricter privacy controls for radio frequency identification (RFID) technology. The increasing use of RFID technology "will raise tremendous challenges for sovereignty, individual liberties and economic independence. It will be necessary that citizens keep control of how the information concerning them is utilized and updated and how the tags can be deactivated," EU Information Society Commissioner Viviane Reding said (pdf) at the EU RFID 2006 Conference. The Commission is considering proposing legislation to ensure privacy safeguards in RFID use. For more information, see EPIC's Page on RFID. (Oct. 16)
  • Government Report: Thousands Misidentified on Watch Lists. More than 30,000 travelers have been mistakenly linked to names on terror watch lists when they crossed the border, boarded commercial airliners or were stopped for traffic violations, according to a report (pdf) by the Government Accountability Office. EPIC has repeatedly (pdf) warned that the false positive problem -- when a person who is not a suspect is mistakenly matched to a watch list -- is difficult to fix. The watch lists include 325,000 names of terrorism suspects or people suspected to aid them, more than quadruple the 75,000 names on the lists when they were created in 2003. For more information, see EPIC's Page on Passenger Profiling. (Oct. 14)
  • Chicago Mayor: Surveillance Camera on Every Corner by 2016. Chicago Mayor Richard Daley said that he plans that by 2016, there will be a surveillance camera on every corner in the city. "We'll have more cameras than Washington, D.C. ... Our technology is more advanced than any other city in the world -- even compared to London," he said. Chicago has more than 200 cameras, and Daley's Fiscal Year 2007 budget includes funds for 100 more cameras. EPIC has explained that studies have repeatedly shown that cameras do not prevent crime. It is better to have police and better lighting than cameras. Detroit, Miami and Oakland all have abandoned their camera surveillance systems because they did not cut down on crime. For more information, see Observing Surveillance and EPIC's Page on Video Surveillance. (Oct. 12)
  • ICANN Renewal Threatens Online Privacy. The US Department of Commerce and the ICANN have signed a three-year Agreement that anticipates increased independence for the international organization that manages the Internet. However, the US also sought to enforce a policy on access to WHOIS data that undermines the privacy of Internet users. Many governments have established stronger safeguards for the global database that contains detailed personal information on those who register Internet domains. The United States is seeking to block these efforts. Background at the EPIC WHOIS Privacy page. (Oct. 9)
  • Temporary Agreement Reached on Transfer of Passenger Data. The United States and the European Union have established a temporary arrangement for the transfer of personal information on European travelers that will expire in July of 2007. An earlier agreement was annulled by the European Court of Justice. The new agreement gives the Europeans greater control over the disclosure of passenger data to the United States. However, it leaves unresolved whether the United States has adequate privacy protections to safeguard the private information of European consumers. For more information, see the EPIC pages on Air Travel Privacy and EU-US Airline Passenger Data Disclosure. (Oct. 6)
  • US, Europeans Fail to Reach Accord on Passenger Data. The European Union and the United States are in a "legal vacuum" three months after the European Court of Justice struck down the passenger name record deal that allowed the transfer of personal information on European travelers to the U.S. government. European airlines face lawsuits by European citizens for violating European privacy laws if the information is disclosed to the U.S. without a new agreement. European consumer organizations have called for strong safeguards for personal data. Officials say negotiations will continue. More information at EPIC pages on Air Travel Privacy and EU-US Airline Passenger Data Disclosure. (Oct. 3).
  • D.C. Police Chief: Expanded Camera Surveillance Hasn't Cut Crime. In the seven weeks that they've been deployed, Washington, D.C.'s 48 new surveillance cameras have not helped to solve any cases, according to D.C. Police Chief Charles Ramsey. He spoke before the Council's Committee on the Judiciary about the emergency crime legislation adopted on July 11. EPIC and other groups opposed the Council's decision to expand camera surveillance, establish an earlier curfew, and grant police access to confidential juvenile information. EPIC has repeatedly warned (pdf) the Council that the use of public surveillance systems are ineffective and prone to abuse. For more information, see EPIC's Video Surveillance page. (Oct. 3)
  • Supreme Court Ignores DNA Appeal. The Supreme Court this week chose not to hear the appeal of a Washington, D.C. resident who argued that the collection of his DNA for a federal database violated the Fourth Amendment. EPIC filed an amicus brief in support of his petition. More information about Johnson v. Quander and Genetic Privacy at the EPIC Web site. (Oct. 2)
  • Broad Coalition Urges Congress to Focus on Telephone Company Involvement in NSA Domestic Surveillance Program. As the House Commerce Committee begins hearings on the Hewlett-Packard pretexting fiasco, almost 40 organizations in a joint statement have urged the Committee to "show the same level of interest in the NSA spying as you have show in the investigation of the Hewlett-Packard matter." The statement follows an earlier EPIC request to FCC Chairman Martin which stated that "If telecommunications carriers disclosed customer information to the NSA in the manner described in press reports, then violations of section 222 of the Communications Act have occurred." (Sept. 28)
  • EPIC Reminds Homeland Security Department to Publish Annual Privacy Report. In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the DHS privacy report will be made available. The Department is required by law to provide an annual report to Congress "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last report, which covered the period April 2003 to June 2004, was published in February 2005. The DHS Inspector General has routinely submitted semiannual reports to Congress on a timely basis. (Sept. 26)
  • EU Privacy Panel Challenges US Datamining Program. The Article 29 Data Protection Working Party has questioned the legality of a Bush Administration program that monitors international financial transactions. SWIFT, a Belgian based banking cooperative, is at the center of the dispute. The Working Party is expected to say that the disclosure of European financial records to the CIA and other American intelligence agencies violates European privacy law. Privacy International brought formal complaints against the Swift program after its disclosure. EPIC's recent Spotlight on Surveillance examines the SWIFT program in more detail. (Sept. 26)
  • New Report Raises Questions About Privacy, Future of Internet. A detailed survey of technology thinkers and stakeholders predicts that the Internet of 2020 will be more widespread, low-cost, and contribute to a flattening of social hierarchies. However, the respondents also expressed concerns about interoperability, government regulations, commercial interests, and the loss of privacy. A significant 42% of survey participants were pessimistic about humans' ability to control the technology in the future. They predicted that dangers and dependencies will grow beyond our ability to stay in charge of technology. The survey was conducted by the Pew Internet and American Life Project. (Sept. 25)
  • States Estimate Cost of Real ID Will Be $11 Billion. The National Conference of State Legislatures released a report on the Real ID Act, which estimates that that the cost to the states will be more than $11 billion over five years. The federal Real ID Act creates national standards for issuing state drivers licenses and identification cards. States also expressed concern regarding the application of the Drivers Privacy Protection Act to the records retention and information sharing requirements of Real ID. More information at the EPIC National ID Cards and Real ID Act page. (Sept. 21)
  • EPIC Urges Commerce Department to End Export Double Standard. In a letter to Secretary Carlos Gutierrez, EPIC urged the Department of Commerce to restrict the export of high-tech surveillance equipment to China. While US law limits the export of tear gas, handcuffs, and shotguns to China, high-tech equipment that is used for communications surveillance and censorship is exported to the country without restrictions. EPIC's letter cited the2005 US State Department report and the Privacy and Human Rights report which document the role that surveillance and censorship technology plays in political repression. (Sept. 21)
  • Missouri's Voter ID Law Struck Down. Judge Richard Callahan of Cole County Circuit Court ruled that Missouri's voter photo ID law created an unconstitutional burden on the right to vote. Missouri citizens challenged the voting ID law that required proof of lawful presence, proof of identity, and proof of residence to obtain a state ID. Although there was no cost for the state-issued ID document, the court found there were significant costs to complete the application process. In other voter ID news, Georgia's third attempt to establish a photo ID requirement was also declared unconstitutional by a federal court judge. For more information, see EPIC's page on Voting Privacy. (Sept. 15)
  • European and US Consumer Groups Urge Privacy Safeguards for Air Travel Information. The Trans Atlantic Consumer Dialogue has written to Homeland Security Secretary Michael Chertoff and European Commissioner Franco Frattini recommending the establishment of legal protections for passenger information collected by the US government. The letter follows an earlier statement from TACD that identified numerous risks to consumers that would result from the disclosure of detailed personal information. The TACD letter responds to Secretary Chertoff's recent call for increased government snooping. EPIC has filed a Freedom of Information Act request with the Department of Homeland Security regarding the program and whether adequate privacy safeguards have been established. The European Court of Justice earlier held that there was no legal basis for the Homeland Security program. For more information, see EPIC's air travel privacy page. (Sept. 13)
  • Arizona's Voter ID Law Known as the Strictest in the Nation Upheld. U.S. District Judge Roslyn O. Silver upheld Arizona's voter ID law in a decision issued yesterday -- one day before the law would be used for the first time in a statewide election. That state imposes proof of citizenship requirements on voters in the registration process and on Election Day. The judge requested additional briefs and scheduled a hearing for October 19, but did not provide her reasoning behind the decision. The new voter ID requires is a result of Proposition 200 placed on a statewide ballot in 2004. According to the National Conference of State Legislatures, 24 states have some form of ID requirement with only seven with a photo ID provision. This list does not include the state of Georgia, whose voter photo ID law was ruled unconstitutional earlier this year. On Capitol Hill, the House Committee on Administration is planning to hold a markup this Thursday of H.R. 4844, a bill to require voters to prove their citizenship and present photo ID prior to voting in any federal election. For more information, see EPIC'S Voting Privacy page. (Sept. 12)
  • HP Pretexting Fiasco Underscores Need for Clear Standards to Protect Phone Record Privacy. For more than a year, EPIC has urged policymakers in Washington to address the growing problem of "pretexting," obtaining someone else's personal information by fraudulent means. In a petition to the FCC in 2005, EPIC recommended that the FCC establish strong security standards for customer records. EPIC had also filed a complaint with the FTC urging a crackdown on the data broker industry. Earlier this year, EPIC testified in the House (pdf) and the Senate on the need for strong federal legislation to stop pretexting. More information at the EPIC page on Illegal Sale of Phone Records. (Sept. 12)
  • EPIC, Privacy International Publish 2005 Privacy and Human Rights Report. At a hearing of the Eminent Jurists Panel in Washington, DC, EPIC and PI released "Privacy and Human Rights: An International Survey of Privacy Laws and Developments." The 1,200 page report explores privacy developments around the globe and provides detailed information on emerging privacy topics. Executive summaries are available in Spanish, Russian, and Arabic. The report is available for sale. (Sept. 8)
  • 5th Circuit to Hear DNA Dragnet Appeal. The Fifth Circuit Court of Appeals will be hearing oral arguments in Kohler v. Englade on September 7. The case involves a DNA dragnet, in which police demanded that over 1,200 men provide DNA samples in an investigation. When Shannon Kohler, one of the men caught in the dragnet, refused to give a sample, police obtained a warrant to seize a sample and notified the media that Kohler was a suspect in a series of rapes and murders. The police later cleared Kohler as a suspect in the investigation. Kohler then filed suit against the police department, alleging violations of his Fourth Amendment rights. Kohler asked for his DNA profile to be removed from any state or federal database and has requested damages for the invasion of his privacy. After a district court ruled against him, Kohler appealed to the Fifth Circuit. EPIC has filed a "friend of the court" brief (pdf) highlighting the ineffectiveness of DNA dragnets, as well as the constitutional violations they create. EPIC Executive Director Marc Rotenberg will be arguing before the court in support of Kohler's position. (Sept. 5)
  • Senate Subcommittee Holds hearings on Airline Passenger Screening. On September 7, the Senate Subcommittee on Terrorism, Technology, and Homeland Security will hold a hearing on pre-screening international travelers who are flying into the United States. A Homeland Security program that acquired European passenger name records for pre-screening was opposed for its privacy violations by the European Parliament, and struck down by the European Court of Justice earlier this year. Homeland Security Secretary Chertoff has announced plans not only to revive the program, but also to expand certain aspects of it. For more information, see EPIC's Passenger Data page. (Sept. 5)
  • House Subcommittee Holds Hearings on Domestic Surveillance. On Wednesday, September 6, the Crime Subcommittee of the House Judiciary Committee will hold a hearing (pdf) on several proposals amending the Foreign Intelligence Surveillance Act ("FISA"). The proposals stem from revelations of a secret domestic surveillance program approved by the Bush administration in violation of FISA. Several bills are to be discussed, ranging from those that amend FISA to authorize the program to those that indicate that the program violates FISA. Another bill would require the administration submit a report to Congress requesting additional surveillance powers, while yet another would create a congressional commission to investigate the domestic surveillance programs and report upon their legality. (Sept. 5)
  • California RFID Bill Nears Approval. The California legislature has recently passed the Identity Information Protection Act, which requires that state-issued IDs that contain remotely-readable RFID chips must contain adequate security features to prevent them from being read by unauthorized parties. The bill now goes to Governor Schwarzenegger for approval. California civil liberties groups are urging residents to write the governor, encouraging him to sign the bill. (Sept. 1)
  • Government to Require Cars Warn of Data Recording. Car buyers will have to be notified if their car contains an Event Data Recorder (EDR), according to a new rule by the National Highway Traffic Safety Administration. EDRs, like "black boxes" used in airplanes, record information about a car's operation in the moments before a crash. The new rule, which goes into effect 2010, requires that cars equipped with EDRs must mention the usage in the owner's manual. The new rule also requires that all EDRs must record the same information and that they be more durable, but stops short of requiring them in all new vehicles. EPIC earlier filed comments urging stronger privacy safeguards. (Aug. 22)
  • DHS Seeks Expanded Access to Travelers' Data. The Department of Homeland Security recently proposed expanding a program that would transfer detailed airline passenger recordsbetween European airlines and the US government. In 2003, the Department secretly entered into an agreement with European governments to obtain personal information on European travelers to the United States. The European Parliament challenged the agreement and the European Court of Justice recently ruled that the agreement lacked a legal basis. Negotiators have until September 30 to come up with a program that complies with European privacy law. (Aug. 22)
  • DHS Inspector General: More Security Needed for RFID. According to a report by the Department of Homeland Security's Office of the Inspector General, the Department's use of radio frequency identification (RFID) technology leaves critical information open to unauthorized access. The small, remotely-readable chips are being placed in immigration documents, passports, and are may soon be used to track cargo and passenger baggage. In addition to database security concerns, the Inspector General's report highlighted that data on a tag, in the absence of adequate security measures, can be read by a variety of authorized and unauthorized readers. EPIC has previously filed comments (pdf) with DHS on the vulnerabilities of RFID systems. (Aug. 21)
  • $50 Million Verdict for Violating Drivers' Privacy in FL. A Florida bank was required to pay $50 million in a class-action settlement resulting from violations of federal privacy law. Fidelity Federal Bank & Trust purchased 656,600 names and addresses from the Florida DMV for use in direct marketing. The purchase violated the Drivers Privacy Protection Act, a 1993 law passed after it was shown that stalkers and other criminals had used motor vehicle records to locate their victims. EPIC filed a "friend of the court" brief in favor of the plaintiffs before the Eleventh Circuit, arguing that the penalties provided by the law create a necessary incentive for both states and private entities to preserve the privacy of drivers' personal information. For more information, see EPIC's Kehoe v. Fidelity Federal Bank and Trust page. (Aug. 28)
  • Court Rules Administration's Domestic Spying Illegal. A federal judge ruled (pdf) that the government's warrantless wiretapping program is unconstitutional and ordered it end immediately. Last year, news reports revealed that President Bush secretly issued an executive order in 2002 authorizing the NSA to conduct warrantless surveillance of international telephone and Internet communications on American soil. In today's ruling, Judge Anna Diggs Taylor said the program violates the rights to free speech and privacy as well as separation of powers. Previously, analyses by the Congressional Research Service(pdf) and a coalition of distinguished scholars (pdf) found the program violated laws. For more information, visit EPIC's Spotlight on Surveillance and Resources on Domestic Surveillance pages. (Aug. 17)
  • AOL Published Users' Searches. AOL recently published a list of 650,000 users' search queries. The 20 million search terms included names, addresses, and SSNs, as well as a number of sensitive topics. Queries were listed under individual "user numbers," though users were not identified by name or screen name. Though AOL later apologized and removed the pages with the information, subsequent copies of the data remain online. AOL's decision to publish the data contrasts with a recent federal court decision that found that Google did not have to turn over user search records in response to a Justice Department subpoena in a civil case. For more information on that case, see EPIC's COPA page. See, the Article 29 Working Group's paper Data Protection and search engines on the Internet (Aug. 8)
  • Governments, Public Interest Groups Support WHOIS Privacy. ICANN has posted the written statements of several government and private entities supporting privacy in the WHOIS database. Various government officials contributed to the record supporting a narrower formulation of the database's purpose, including the Privacy Commissioner of Canada, the Chair of the European Union Working Party on Data Protection, and the President of the Belgian Data Protection Commission. Private organizations, including the Association for Computing Machinery and the Canadian Internet Policy and Public Interest Clinic, also supported this formulation, which would pave the way for implementing better WHOIS privacy in the future. EPIC's comments on the proceedings are available here. (Jul. 28)
  • State Officials and Consumer Groups Oppose Ineffective Data Breach Bill in Congress.A data breach notification bill backed by the House Financial Services Committee drew criticisms from state law enforcement officials and a coalition of consumer groups, who said that existing state laws are more effective at protecting consumers. In a letter to House leadership signed by 48 state attorneys general, the National Association of Attorneys General stated that an effective data breach law should preserve strong consumer protections and allow states to enforce data breach laws. Consumer groups said that the Financial Data Protection Act "does nothing positive for consumers and rolls back existing state consumer protection laws."For more information, see EPIC's choicepoint page.(Jul. 25)
  • UPDATE - DC City Council Approves Temporary Expansion of Video Surveillance.Responding to a proposal from Mayor Williams for emergency legislation, the DC City Council agreed to install 23 surveillance cameras in residential neighborhoods for the first time. The City Council also approved an earlier curfew and police access to confidential juvenile information. Youth groups, privacy and civil liberties organizations protested the measures, which will be in force for 90 days. The City Council has scheduled an October hearing on the surveillance cameras. (Jul. 20)
  • Joint House Committees Hold Hearing on E-voting. In a statement to the House Committees on Administration and Science, the National Committee for Voting Integrity recommended greater security for e-voting systems. NCVI said that the current review process for ensuring that e-voting systems count votes as cast is not working. The Election Assistance Commission has delayed implementation of a new federal process intended to replace the current system. For more information, see EPIC's Voting and Privacy page and the National Committee for Voting Integrity Web site. (Jul. 20)
  • ABA Urges Oversight of Domestic Surveillance. At a hearing on the future of the Foreign Intelligence Surveillance Act, the American Bar Association testified that Fourth Amendment protections and judicial review are critical to protect the rights of Americans. Civil liberties groups issued a joint statement opposing the Specter-White House proposal, S. 2453, and supporting Rep. Harmon's bill, H.R. 5371. And USA Today reported on several government data mining programs that operate without legal protections. More information at EPIC FISA page. (Jul. 20)
  • DC Council to Consider Improper Expansion of Public Video Surveillance. The DC Council meets today to consider a proposal from Mayor Williams to "provide the Metropolitan Police Department broader authority to use the CCTV system" and to support "private entities and associations that seek to take advantage of CCTV technology and share recordings with the police." EPIC has repeatedly warned the Council that surveillance cameras are not effective, but they are prone to abuse. More information at EPIC's Video Surveillance page and Observing Surveillance. (Jul. 19)
  • In Congress, EPIC Urges Privacy Safeguards for WHOIS Data. EPIC Executive Director Marc Rotenberg testified before the House Finance Committee in support of new privacy safeguards for WHOIS, the directory of Internet domain owners. Currently anyone with an Internet connection, including spammers, phishers, and stalkers, can access information in the WHOIS database. Citing the growing risk of identity theft, EPIC supported an ICANN proposal to limit public access to personal information. For more information, see EPIC's WHOIS page. (Jul.18)
  • AT&T Fined $550,000 for Privacy Failures. In a settlement (pdf) reached with the Federal Communications Commission, AT&T agreed to pay $550,000 in a case concerning consumer privacy. According to the settlement, AT&T may have improperly used customer data for marketing purposes. AT&T also agreed to improve procedures for opt-out notification. This investigation was prompted by an EPIC petition submitted to the FCC in August 2005. For more information, see FCC Commissioner Adelstein's statement (pdf) on the settlement and EPIC's Phone Records page. (Jul.11)
  • Georgia Superior Court Judge Halts Use of Photo ID for Voters. Judge Melvin K. Westmoreland of Fulton County Superior Court agreed with the plaintiffs in a legal challenge brought against a revised Georgia voter identification law. Plaintiffs argued that the new law would make it harder for minorities,the elderly, and the poor to participate in public elections. The judge based his decision on the Georgia Constitution which only requires that voters must be 18 years old, mentally competent and state residents. A previous effort to mandate a photo ID for voters was ruled unconstitutional by two federal court judges. Georgia appealed the judge's decision through an emergency motion, which was denied. EPIC's comments on Georgia's Voter ID Law, Statement to House Committee on Voter ID requirements.(Jul. 10)
  • Illinois Outlaws Pretexting, Adopts New Privacy Safeguards. Illinois Governor Rod R. Blagojevich signed legislation last week outlawing the practice of "pretexting," pretending to be an account holder so as to obtain access to someone else's personal information. In the past year, Illinois has passed several laws to protect consumer privacy, including measures that address identity theft, limit the use of the Social Security Number, require notification of security breeches, and allow state residents to put a security freeze on their credit report if they believe their personal information has been compromised. For more information, see EPIC's pages on Illegal Sale of Phone Records and the Privacy Page of the National Conference of State Legislatures. (Jul. 10)
  • EPIC Supports Supreme Court Review of DNA Databases.EPIC has filed a "friend of the court" brief (pdf) asking the U.S. Supreme Court to hear the case of a probationer who was forced to provide a DNA sample for inclusion in a federal DNA database. EPIC urged the Supreme Court to examine a case, which upheld (pdf) the collection of DNA samples as similar to fingerprinting. EPIC's brief states that the blood samples and DNA profiles reveal far more than a fingerprint does about an individual, and that the family of a profiled individual are unfairly implicated by DNA collection in the criminal justice system. In addition, samples are retained far longer than is necessary. Combined with the increasing expansion of DNA collection and use, EPIC warned that DNA profiling may soon affect all members of the general public. For more information, see EPIC's Johnson v. Quander and medical privacy pages. (Jun. 30)
  • Spotlight: Multiple Security Failures at Veterans Affairs. In the wake of May's massive data theft, the Department of Veterans Affairs falls under the Spotlight. The immense data loss could easily happen again because of weak security at the agency, Spotlight reports. Veterans Affairs was warned about security weaknesses for many years, but failed to act, according to government officials (pdf). Documents reveal that the agency had given permission for the analyst, from whom the equipment was stolen, to work from home with the sensitive personal data. Agency officials previously said the analyst violated agency procedure by taking the data home. Other documents (pdf) indicate ongoing security risks at Veterans Affairs. EPIC's Spotlight on Surveillance page. (Jun. 30)
  • EPIC Opposes Expansion of DC Video Surveillance. In comments (pdf) to the Metropolitan Police Department,EPIC opposed a new CCTV project that would dramatically expand police surveillance of the public. The proposal would also allow the police chief to establish a system of secret video cameras without informing the public. EPIC urged the MPD to maintain public notification standards for video surveillance. EPIC also urged the MPD to set clear, objective standards for evaluatingthe system. For more information, see EPIC's Video Surveillance and Spotlight on Surveillance pages. (Jun. 29)
  • The Brennan Center Releases Voting Technology Report. The Brennan Center's report "The Machinery of Democracy Protecting Elections in an Electronic World," was a collaborative effort joined by EPIC's Project the National Committee for Voting Integrity that identified over 120 security threats; and evaluated countermeasures for repelling attacks. The study examined each of the three most commonly purchased electronic voting systems and makes recommendations on their use in public elections. For more information on voting systems, visit EPIC's Voting Privacy Page and National Committee for Voting Integrity (NCVI). (Jun. 28)
  • Privacy International Alleges Banking Consortium Broke EU Privacy Laws. London-based Privacy International has filed complaints with data protection and privacy regulators in 33 European countries against Brussels-based banking consortium Swift. Last week, news reports revealed that Swift had secretly provided the US Treasury Department with confidential banking transactions of thousands of customers, including Europeans. Privacy International contends that Swift acted "without regard to legal process under Data Protection law." For more on international privacy law, see EPIC's Privacy Law Sourceboook: United States Law, International Law, and Recent Developments.(Jun. 28)
  • Registered Traveler Hits Turbulence. The Transportation Security Administration says security concerns have delayed the controversial air passenger prescreening program Registered Traveler, which was to be rolled out beginning Tuesday. EPIC has testified previously (pdf) and submitted comments (pdf) about the flawed program, warning that problems with watch list errors have not been resolved, that there are no legal safeguards to prevent misuse, and that "mission creep" is almost certain. For more information, see EPIC's Spotlight on Surveillance and Passenger Profiling pages. (Jun. 22)
  • EPIC Opposes Photo Identification Requirements for Voters. EPIC, in a statement to the House Committee on Administration, opposed proposals to limit voting only to those with one of a very limited number of government issued photo identification documents. EPIC said that the proposal would restrict voter access to voting in ways that are unconstitutional, and disregard voters' privacy rights. For more information, see EPIC's Voting and Privacy page and the National Committee for Voting Integrity Web site. (Jun.22)
  • EPIC Urges Congress to Pursue Oversight of Intelligence Investigations. EPIC, in a letter to the Senate Judiciary Committee, has recommended increased Congressional oversight of FBI intelligence investigations. Documents recently released to EPIC under the Freedom of Information Act suggest many cases of serious FBI misconduct in such investigations. Although these matters are reported to the Intelligence Oversight Board(IOB), Congress is not notified of the allegations, or how the cases are resolved. EPIC has proposed that the Senate hold hearings to assess the significance of these incidents and also that better reporting procedures are established. for more information, see the EPIC v. DoJ page. (Jun.20)
  • Senator Clinton Calls for Comprehensive Privacy Law. In a speech to the American Constitution Society, Senator HilaryClinton called for a new Privacy Bill of Rights to protectAmerican's personal information. Senator Clinton said that her privacyagenda would "secure the interests of consumers," promote " stronger,better enforced protection for medical privacy" and establish "a newnational security consensus setting out clear rules to allow thegovernment to use new intelligence techniques and make sure the public knows its rights and limits." Text of Clinton privacy speech. (Jun.19)
  • Experts Find Internet Wiretaps Weaken Security. According to a report by the Information Technology Association of America, attempts to create wiretap-friendly Internet and VoIP services will build security vulnerabilities into the services. A recent ruling by a federal appeals court requires broadband and VoIP providers to build systems that the government can wiretap easily. However, technology experts say that this requires either a massive change in Internet infrastructure, or the introduction of serious security risks. For more information, see EPIC's wiretap page. (Jun. 19)
  • Senate Judiciary Chair: NSA Surveillance is IllegalOn June 7, in a letter to Vice President Cheney, Senator Specter statedthat, "There is no doubt that the NSA program violates the ForeignIntelligence Surveillance Act..." Specter chastised Cheney forseeking to block planned hearings on the NSA domestic spyingprogram. The Senate Judiciary may use its subpoena power if anagreement cannot be reached with the White House on a hearing. (Jun. 15)
  • Appeals Court Wrongly Extends Wiretap Requirements. The U.S. Court of Appeals for the D.C. Circuit has decided (pdf) that the Federal Communications Commission can require broadband and VoIP providers to make their services wiretap-friendly. The decision allowed the FCC to apply the Communications Assistance for Law Enforcement Act (CALEA) to Internet-based communications, even though the law explicitly exempted "information services." For more information, see EPIC's wiretap page. (Jun. 13)
  • EPIC Files Reply Comments on Phone Security. EPIC has filed reply comments (pdf) on the Federal Communications Commission's proposal to require phone companies to increase security for consumers' phone records. In its comments, EPIC urges the FCC to adopt rules that prevent poor security practices, such as using easily obtained biographical information as passwords for users to access account information. EPIC also responded to comments from telephone companies claiming that audit trails were too expensive, noting that many telephone companies already use audit trails in fraud prevention. Finally, EPIC objected to a "safe harbor" proposal that would allow companies to avoid responsibility for consumer privacy. For more information, see EPIC's illegal sale of phone records page. (Jun. 13)
  • Veterans Affairs Data Theft Widens. The personal information of about 1.1 million active-duty military personnel, 430,000 members of the National Guard and 645,000 members of the Reserves, was stolen in the recent theft of computer data from the Department of Veterans Affairs, the agency announced Tuesday. The agency previously said (pdf) that all 26.5 million people affected by the data theft were veterans and their spouses. The data include Social Security numbers and disability ratings. Privacy Rights Clearinghouse offers ID theft prevention tips. (Jun. 7)
  • EPIC Speaks to Homeland Security on Video Surveillance. In testimony (pdf) before the Department of Homeland Security's Data Privacy and Integrity Advisory Committee, EPIC said that privacy in public spaces was a vital part of our democratic experience. EPIC said that privacy in public spaces also called anonymity is assured by the inability of people to remember in great detail their own past. The encroachment of surveillance technology like CCTV is threatening this important privacy right For more information, see EPIC's Video Surveillance page(Jun. 7)
  • One-Third of US and UK Firms Read Employees' E-mail. More than one-third (38%) of large companies in the US and UK read their employees' e-mail, and another 24% of US firms and 33% of UK firms plan to implement such surveillance, according to a new study (registration required) from a company that offers corporate e-mail protection. However, about 20% of US and UK firms surveyed do not have a written policy about e-mail use and monitoring. Proofpoint Inc. and Forrester Research surveyed 406 US and UK companies with more than 1,000 employees. For more information, see EPIC's Workplace Privacy page. (Jun. 6)
  • European Court Rejects Data Transfer to US. The European Court of Justice has just ruled that the 2004 airline passenger data transfer agreement (pdf) between the U.S. Department of Homeland Security and the European Union is to be voided after September 30, 2006. The Court held that the agreement was illegal because it exceeded the scope of the EU 1995 Directive on data protection, which excludes operations concerning public security, defense, state criminal law and state security. Since the framework for data transfer was dictated by public authorities, and amounted to processing operations concerning public security, the Court held that the Commission lacked legal competence under the Directive to address public and state security issues. Privacy International describes the holding as a "pyrrhic victory" because the Court ruled on the basis of legal authority, and did not address the privacy implications of the transfer of the personal data to the U.S. The European Data Protection Supervisor is concerned that the ruling has created a loophole because it is uncertain that the Directive protects data collected for commercial reasons but used for police matters. (May 30)
  • EPIC Urges Privacy Safeguards for Traveler Database. In comments (pdf) to Customs and Border Protection, EPIC opposed the agency's plan to exempt a vast database from legal requirements that protect privacy and promote government accountability. The Global Enrollment System would include employment history and biometric data. Among many possible activities, the agency will use this system to determine which travelers are "low-risk" and eligible for the "Trusted Traveler" program. EPIC warned that the absence of effective redress procedures would leave many travelers improperly designated as "high-risk." For more information, see EPIC's Passenger Profiling page. (May 22)
  • Veterans Affairs Reports Massive Data Theft. The Department of Veterans Affairs announced today that an agency employee took home records on 26.5 million veterans that were subsequently stolen by a burglar. The data included names, Social Security numbers, and dates of birth, as well as some disability ratings. The FBI and the VA Inspector General's Office have launched "full-scale investigations." Information for those who are concerned about identity theft is available from the Federal Trade Commission. (May 22)
  • EPIC Testifies on Call Spoofing, Urges Privacy Safeguards. EPIC Executive Director Marc Rotenberg testified today at a House hearing on a bill that would outlaw "spoofing" telephone calls. Phone spoofing is a practice by which a caller causes a phone number other than their own to appear on a caller ID or similar display. EPIC said that there is legitimate and illegitimate spoofing, and recommended that the law only prohibit spoofing when done with the intent to commit fraud or to harass. Rotenberg also urged lawmakers to support EPIC's call for an FCC investigation into the disclosure of Americans' phone records to the NSA. (May 18)
  • EPIC Urges FCC Investigation of Phone Companies in NSA Program. EPIC filed a complaint [also available in pdf] with the Federal Communications Commission urging the agency to investigate claims that telephone companies shared private customer data with the National Security Agency as part of a domestic surveillance or data mining program. Telecommunications carriers are required by law to keep customer records confidential. "If telecommunication carriers disclosed customer information to the NSA in the manner described in press reports, then violations of section 222 of the Communications Act have occurred," the letter said. (May 17)
  • Action Item: National Call-In to Protest NSA Surveillance. A coalition of civil liberties groups, including EPIC, is asking for Americans to call their senators and representatives beginning today to protest the NSA's secret database of your call records. Everyone is encouraged to give Congress the chance to monitor and record the public's displeasure at warrantless domestic surveillance. The groups backing the call-in include: Alliance for Justice, American Civil Liberties Union, Bill of Rights Defense Committee, Council on American-Islamic Relations, Friends Committee on National Legislation, National Association of Criminal Defense Lawyers, and Unitarian Universalist Association of Congregations. Click here for information on how to contact your legislators. (May 17)
  • FCC Commissioner Calls for Investigation of NSA Spying Program. Federal Communications Commissioner Michael Copps called for an investigation (pdf) into phone companies' collaboration with a massive NSA database of Americans' phone calls. Copps stated that the FCC needs to investigate whether phone companies violated the Communications Act, which requires them to keep phone records confidential. " We need to be certain that the companies over which the FCC has public interest oversight have not gone - or been asked to go - to a place where they should not be," Copps said. (May 16)
  • EPIC Comments on Petition Seeking an Okay on the Use of Auto Dialers. In comments to the Federal Communications Commission, EPIC urged the agency to reject a petition by ACA International that would allow the use of auto dialers by debt collectors. The Telephone Consumer Protection Act of 1991 prohibits the use of auto dialers to contact telephone devices. EPIC told the agency that the incidents of identity theft in the US made the claim by ACA that it only seeks to collect outstanding debt suspect. EPIC also told the agency that it correctly interpreted Congressional intent in the rule promulgated and should not reverse itself on this matter. For more information on telemarketing and the Telephone Consumer Protect Act, see: http://www.epic.org/privacy/telemarketing/ (May 11)
  • Spotlight: Employment Verification Database Expansion Threatens Security. This month, Spotlight surveys the Basic Pilot employment eligibility verification system conducted jointly by the Social Security Administration and the Department of Homeland Security. Lawmakers are debating legislation that would greatly expand the Basic Pilot system, making its use mandatory for all employers nationwide. This would cost $405 million from 2006-2010, according to the Congressional Budget Office (pdf). However, a recent Government Accountability Office review (pdf) of the program shows that the system is riddled with security and accuracy problems that would be exacerbated by nationwide expansion. EPIC's Spotlight on Surveillance archive. (May 9)
  • Domestic Surveillance Proponent Picked to Head CIA. President Bush has named General Michael Hayden, Deputy Director of National Intelligence, to head the CIA. General Hayden previously served as director of the NSA when the Agency undertook the warrantless surveillance of American citizens. General Hayden defended the Agency's actions in a January 2006 speech at the National Press Club. More information at EPIC's page on Domestic Surveillance. (May 8)
  • Secret Wiretaps Continue to Increase. The Foreign Intelligence Surveillance Act Report reveals that the government made 2,072 secret surveillance requests in 2005, a record high and 18 percent more than in 2004. None of the requests were denied by the Foreign Intelligence Surveillance Court, the secretive body that issues the warrants. In contrast, the Department of Justice reports that law enforcement agencies across the country were authorized to conduct 1,773 wiretaps, which are issued under a more stringent standard. The report on secret wiretap warrants also indicated that the government issued 9,254 National Security Letters during 2005. These letters can be used to obtain information about individuals without the government applying for a court-reviewed warrant. For more information, see EPIC's wiretap and FISA pages. (Apr. 28)
  • Coalition Comments on Phone Records Security. In comments to the Federal Communications Commission, EPIC and seven consumer rights groups urged the agency to heighten standards for protecting phone records. The groups recommended a series of protection to deter unauthorized access to records, including auditing, notice to the individual when records are acquired, and greater controls over commercial use of phone records. For more information, see EPIC's Illegal Sale of Phone Records Page. (Apr. 28)
  • EPIC Brief Supports WHOIS Privacy for Domain Name Owners. EPIC has filed a friend of the court brief supporting the rights of .US domain name holders not to publish their personal information on the Internet. In 2005, the Department of Commerce, which administers the .US domain, banned users from using proxy services that would protect privacy. EPIC's brief supports one user who is trying to block the Commerce Dept. policy. The EPIC brief argues that privacy experts have made clear that personal information should not be routinely accessible in the WHOIS database and that the policy for .US provides much less protection when compared with the policies of other countries for country code domains. For more information, see EPIC's Peterson v. NTIA page.(Apr. 26)
  • Coalition Urges San Francisco to Improve Wifi Privacy. In comments to the San Francisco Government, EPIC, EFF, and the ACLU of Northern California urged city officials to tweak privacy protections for users of a proposed municipal broadband service. The City has chosen Earthlink and Google preliminarily as the network provider, however, these companies performed poorly on privacy analysis of their proposals. The comments seek to allow anonymous access to the network, to limit sale of personal information by the providers, and to routinely delete personal information collected through the network. (Apr. 19)
  • ICANN Chooses Privacy for Whois. The Internet Corporation for Assigned Names and Numbers (ICANN), the body that controls the assignment of domain names to Internet addresses, has voted to adopt a policy protecting the privacy of domain holders' personal information. ICANN stated that Whois, a public database containing the contact information of domain name holders, should be used only for its original purpose: to resolve issues related to the configuration of the records associated with the domain name. The ruling means that Whois data will not be expanded for other purposes, such as law enforcement and copyright investigations. EPIC advocated this position in its comments to ICANN in February. More information at EPIC's Whois and Identity Theft pages. (Apr. 13)
  • Federal, State Officials Object to Proposed IRS Rules. Attorneys General from 46 states and the District of Columbia filed a formal objection (pdf) to proposed IRS rules (pdf) that would allow businesses to share taxpayer information more easily for marketing and other purposes. The state officials recommended a ban on sharing taxpayer information, but also made several proposals for minimum safeguards that would protect privacy and stem identity theft. Senator Barack Obama also opposed the rule change and has introduced a bill that would prohibit the disclosure of sensitive taxpayer information to third parties. The IRS is holding hearings today on the rule changes. (Apr. 4)
  • EPIC Testifies on CA Pretexting Legislation. EPIC testified before the California Senate Judiciary Committee yesterday on SB 1666, legislation that would prohibit pretexting to any business in California. EPIC argued that such a broad ban on pretexting was necessary to address data brokers who use impersonation or trickery to obtain information from automobile navigation companies, dating websites, and employers. For more information, see EPIC's Illegal Access to Phone Records Page. (Apr. 4)
  • EPIC, EFF Critique Proposals for San Francisco Wireless. EPIC and the Electronic Frontier Foundation have provided a privacy analysis (also available in pdf) to the San Francisco government of the six proposals to deploy municipal broadband access in the city. The groups urged San Francisco to adopt a plan that promotes anonymity by allowing access without "signing in," to provide a level of free service to avoid identification through payment, and to limit targeted profiling for advertising. (Apr. 3)
  • EPIC, EFF Critique Proposals for San Francisco Wireless. EPIC and the Electronic Frontier Foundation have provided a privacy analysis (also available in pdf) to the San Francisco government of the six proposals to deploy municipal broadband access in the city. The groups urged San Francisco to adopt a plan that promotes anonymity by allowing access without "signing in," to provide a level of free service to avoid identification through payment, and to limit targeted profiling for advertising. (Apr. 3)
  • Coalition of 26 Groups Urges Stronger Medical Privacy Laws Congress is moving to create a national electronic health record system, and groups, including EPIC, ACLU, American Conservative Union, and Patient Privacy Rights, are urging lawmakers to build privacy safeguards into this system. National research has shown that Americans will avoid treatment, omit critical medical data and delay care if they are compelled to share sensitive medical data without strong privacy protections. A press conference (pdf) about the issue will be held at 10:30 am on Wednesday April 5 at Cannon House Office Building in Washington, D.C. For more information, see EPIC's Medical Privacy page and Patient Privacy Rights. (Apr. 3)
  • EPIC Comments on Canadian Do-Not-Call Registry In comments (also available in pdf) to the Canadian Radio-television and Telecommunications Commission, EPIC urged officials to take a consumer-friendly approach to implementing new telemarketing regulations. Such an approach would include limiting exemptions to the Do-Not-Call rules and making it easy for individuals to enroll. For more information, see EPIC's Telemarketing Page. (Apr. 3)
  • Pentagon Drops Bid to Withhold Abuse Images The Defense Department has withdrawn its challenge to a court decision (pdf) ordering the release of photos and videos depicting American troops abusing detainees at Abu Ghraib prison. According to an agreement reached by the Pentagon and ACLU, the government will authenticate photos of abuse that have already been posted by Salon.com, and disclose any additional images that are not yet public. The Defense Department had refused to release the information under the Freedom of Information Act, claiming that such disclosure would "endanger the life or physical safety" of U.S. soldiers in Iraq. EPIC and the National Security Archive filed a "friend of the court" brief (pdf) arguing that the FOIA would be undermined if the Defense Department could withhold the images to avoid public outrage. (Apr. 3)
  • Spotlight: IRS's Inadequate Security Puts Taxpayer Data at Risk. This month, Spotlight surveys the Internal Revenue Service amid recent questions concerning its information-sharing regulations and security systems. Government reports have found that the agency has poor physical (pdf) and electronic security (pdf), and it has had considerable trouble with its contractors improperly accessing and collecting sensitive taxpayer data. In one case, an IRS contractor spent several months collecting political party affiliation data on taxpayers in 20 states, in violation of the law. See EPIC's Spotlight on Surveillance page. (Mar. 30)
  • Senate Holds Hearing on Warrantless Surveillance. The Senate Judiciary Committee has held its third hearing on the National Security Agency's domestic surveillance program. The witness list included David S. Kris, a former high-level official in the Justice Department. Documents (pdf) obtained by EPIC earlier this month through Freedom of Information Act litigation showed Kris' skepticism that the surveillance was authorized by the Authorization for Use of Military Force Resolution. In one e-mail, Kris wrote that the the Justice Department's legal arguments for the program "had a slightly after-the-fact quality or feeling to them." For more information, see EPIC's Domestic Surveillance FOIA page. (Mar. 28)
  • Citing Privacy Interests, Judge Trims Google Subpoena. A federal district judge in California issued an order that limited the Justice Department's demand for records from Google. While Google must still turn over a list of 50,000 web addresses, it will not have to reveal Internet search terms. The Justice Department is seeking the records to conduct a statistical study for the defense of the Child Online Protection Act, an online censorship law that was blocked by the Supreme Court in 2004. For more information on the law, see EPIC's COPA page. (Mar. 20)
  • EPIC Testifies Against SSN Expansion. In testimony (pdf) today before the House Subcommittee on Social Security, Executive Director Marc Rotenberg urged Congress not to expand the uses of the Social Security number and the Social Security card. "Every system of identification is subject to error, misuse, and exploitation," Rotenberg said. Some members of Congress have proposed that the card contain digital photos, machine-readable identifiers, and biometric identifiers that could turn the Social Security card into a national ID card. For more information, see EPIC's Social Security Number page. (Mar. 16)
  • EPIC Introduces 2006 FOIA Gallery. In celebration of Freedom of Information Day, EPIC is proud to introduce its 2006 FOIA Gallery, which contains highlights and scanned images of some of EPIC's most interesting FOIA disclosures from the past year. For more information about the Freedom of Information Act, see EPIC's Open Government page. (Mar. 16)
  • Open Government Advocates Honored. EPIC General Counsel David Sobel and Advisory Board member David Burnham are among the twenty-one individuals to be inducted today into the National FOIA Hall of Fame. Inductees are chosen for their "unique roles in helping to establish, defend, and utilize the legal basis for the right to know." (Mar. 16)
  • Decision Expected in Google Subpoena Case. A federal judge in California is expected to rule today on whether Google must turn over a massive database of search queries demanded (pdf) by the Department of Justice. Google opposed the demand (pdf), saying it would jeopardize user privacy and trade secrets, and that the government has no right to the material. The Justice Department wants the records to help it prepare a defense of the Child Online Protection Act, an Internet censorship law blocked by the Supreme Court in 2004. For more information, see EPIC Alert 13.02 and EPIC's Ashcroft v. ACLU page. (Mar. 14)
  • EPIC Celebrates Sunshine Week. Open government and media organizations throughout the country are celebrating Sunshine Week by highlighting the importance of government transparency. To learn more about your right to access government information, see EPIC's Open Government page and Litigation Under the Federal Open Government Laws 2004. (Mar. 14)
  • EPIC, Archive File Brief Supporting Release of Abu Ghraib Photos. EPIC and the National Security Archive have filed an amicus brief (pdf) urging an appeals court to permit the disclosure of photos and digital movies showing American troops abusing detainees at Abu Ghraib prison in Iraq. The Pentagon has refused to release the information to the ACLU under the Freedom of Information Act, claiming that it would "endanger the life or physical safety" of U.S. soldiers in Iraq. EPIC and the Archive argue that the government is turning FOIA on its head by claiming that information likely to expose government misconduct should be withheld to prevent public outrage. (Mar. 13)
  • Justice Inspector General Reports on Possible Intelligence Violations. In response to accounts of apparent intelligence violations uncovered by EPIC last year, the Department of Justice Inspector General has examined (pdf) the FBI's procedures for reporting possible agent misconduct. According to the Inspector General, the FBI reported more than a hundred instances of possible intelligence misconduct to the Intelligence Oversight Board in the past two years, a number of which were "significant." The Inspector General also found that possible violations of the Foreign Intelligence Surveillance Act accounted for nearly 70 percent of reports to the board in 2005, up from 48 percent in 2004. For more information, see EPIC's Patriot Act FOIA page. (Mar. 13)
  • Patriot Act Renewal Bill Signed Into Law. President Bush has signed a bill that renews most sunsetting provisions of the Patriot Act while limiting few of the law's most controversial powers. The measure makes permanent most of the provisions of the law that were originally slated to expire at the end of last year. Intense debate over the Act's expansion of investigative powers delayed Congressional action, and lawmakers twice extended the deadline for the Act's expiration in order to continue debate. A bipartisan coalition of senators has introduced legislation to reinstate safeguards that were stripped from the renewal bill during the legislative process. For more information, see EPIC's Patriot Act, Patriot Act Sunset and Patriot Act FOIA pages. (Mar. 13)
  • EPIC: NY Should Ban Pretexting. In comments to two Committees of the New York Assembly, EPIC advised lawmakers to broadly prohibit pretexting in order to protect individuals' privacy. EPIC warned that a narrow, phone-records only ban on pretexting would invite using the practice against holders of other records, such as email providers and dating services. For more information, see EPIC's Illegal Access to Phone Records Page. (Mar. 13)
  • In EPIC Open Government Lawsuit, Former Official Concludes that Surveillance Program was Illegal. Documents obtained by EPIC in a Freedom of Information Act lawsuit against the Department of Justice reveal that a former top official in the Justice Department doubted that the domestic surveillace program was allowed under the Authorization for Use of Military Force Resolution. In an e-mail, David S. Kris wrote that the the Justice Department's defense of the program, "had a slightly after-the-fact quality or feeling to them." Other materials released by the Bush Administration (pdfs part 1, part 2, part 3, part 4) include various justifications for the program and transcripts of television appearances by the Attorney General. In a motion filed last night, the Justice Department has asked (pdf) the court for an additional four months to process classified material responsive to EPIC's request. (Mar. 8)
  • Coalition Supports Opt-In Rule for Tax Info Disclosure. In comments to the Internal Revenue Service, EPIC, Privacy Rights Clearinghouse, and World Privacy Forum supported a strong opt-in rule before tax preparers can disclose return information for marketing purposes. The groups urged IRS to stiffen penalties for wrongful disclose of data, and to require tax preparers to take responsibility for how data are used for marketing. (Mar. 8)
  • EPIC Testifies in CA Assembly on Pretexting. In testimony before the California State Assembly Committee on Public Safety, EPIC discussed the need for a ban on pretexting. California Senate Bill 202, currently under consideration by the Committee, would broadly prohibit buying and selling phone records, and establish criminal and civil penalties for violating privacy. For more information, see EPIC's Illegal Sale of Phone Records Page. (Mar. 7)
  • Phone Record Privacy Bills Move Forward in Congress. The Senate and House Judiciary Committees approved bills that would prohibit the unauthorized sale of call detail information and ban the pretexting of phone records. The Law Enforcement and Phone Privacy Protection Act of 2006 and the Consumer Telephone Records Protection Act of 2006 received unanimous support in the committee and may be taken up soon by the full House and Senate. Several other bills protecting phone records are also under consideration. EPIC testified before the House (pdf) and Senate, advocating for broader bans on pretexting and stronger regulations to protect phone records. For more information, see EPIC's Pretexting page. (Mar. 2)
  • EPIC Comments on Private Data in Court Files. In comments to the Florida Courts, EPIC recommended that court files be scrubbed of identifiers such as the Social Security Number, date of birth, and telephone number. EPIC argued that, "Court records are becoming the fodder for dossiers on Americans," and that commercial data brokers are eroding the privacy rights of individuals by pour data into court files. For more information, see EPIC's Public Records and Choicepoint Pages. (Feb. 28)
  • Spotlight: Don't Spend Anti-terrorism Funds on Other Programs. This month, we Spotlight the Highway Watch program, a joint venture of the Transportation Security Administration and the American Trucking Association. About $40 million in federal funds have been spent on the program, which aims to provide anti-terrorism training to truck and school bus drivers and others. However, there have not been any publicly reported instances of the program helping to prevent any terrorist plots. Highway Watch began as, and continues to be, a safety awareness program. As such, it should not receive anti-terrorism grants from Homeland Security. See EPIC's Spotlight on Surveillance page. (Feb. 27)
  • Senate Committee to Consider Further NSA Surveillance Program. The Senate Judiciary Committee will hold a second hearing on the legality of wiretapping US citizens without judicial approval. The hearing will be webcast. House Members have urged the appointment of a Special Counsel to investigate the NSA domestic spying program. EPIC has compiled extensive resources on domestic surveillance (see above), and has prepared a report on the legality and cost of the NSA Secret Eavesdropping Program. EPIC makes available the full text of the Foreign Intelligence Surveillance Act in its Privacy Law Sourcebook. EPIC is also seeking the disclosure of government records that explain the legal basis for the program. (Feb. 27)
  • Government Considered Iris Scans, Voice Recognition for Border Security. Documents (pdf) obtained this week by EPIC show that, as early as 2003, the US-VISIT border security program considered using iris scanning and voice recognition biometrics. US-VISIT already requires foreign nationals entering or exiting the country to submit detailed biographical information, fingerprints, and a digital photograph. Last week, the Government Accountability Office reported (pdf) significant problems with US-VISIT. For Fiscal Year 2007, President Bush has requested (pdf) $399.5 million for the program, on top of the $1.4 billion that has been spent to date. For more information, see EPIC's US-VISIT and Biometrics pages. (Feb. 24)
  • Groups Urge San Francisco to Deploy Privacy-Friendly Network. ACLU of Northern California, EFF, and EPIC submitted comments to San Francisco TechConnect urging it to establish a privacy-friendly municipal broadband service in the city. TechConnect is charged with researching municipal broadband issues for the city, and the body has asked potential providers to submit privacy policies for their services, but has not set minimum standards for privacy protection. The coalition comments seek minimum standards that will allow people to use the network anonymously, limit retention of personal information when it is collected, and protect users' interests when legal demands are made for network data. (Feb. 21)
  • EPIC to Attorneys: Pretexting is Unethical. In a letter sent to state ethical and professional responsibility boards, EPIC warned that there is mounting evidence that attorneys are major purchases of "pretexting" services. Pretexting is the practice of using false pretenses to trick a company into releasing personal information. EPIC urged state boards to evaluate pretexting under ethics rules, and to issue opinions to attorneys advising them not to pretext or hire investigators who use pretexting to obtain information. For more information, see EPIC's Illegal Sale of Phone Records Page. (Feb. 21)
  • Court Orders Justice Department to Release NSA Surveillance Documents in EPIC Lawsuit. In response to a Freedom of Information Act lawsuit (pdf) filed by EPIC, a federal judge has ordered (pdf) the Department of Justice to process and release documents related to the Bush Administration's warrantless surveillance program by March 8. It is the first court opinion addressing the controversial domestic spying operation. "President Bush has invited meaningful debate about the warrantless surveillance program," U.S. District Judge Henry H. Kennedy wrote. "That can only occur if DOJ processes [EPIC's] FOIA requests in a timely fashion and releases the information sought." For more information, see EPIC's press release and Domestic Surveillance FOIA page. (Feb. 16)
  • Report: DHS is Lax on Security, Privacy in US-VISIT Program. The Department of Homeland Security's sluggishness has jeopardized the effectiveness of the US-VISIT border security program, according to a new report (pdf) from the Government Accountability Office. DHS has yet to develop and begin implementing a system security plan and privacy impact assessment, the key recommendation that the GAO made when it assessed the program two and a half years ago. For Fiscal Year 2007, President Bush has requested $399.5 million (pdf) for the US-VISIT program, $62.9 million more than it received in 2006. For more information, see EPIC's US-VISIT page. (Feb. 16)
  • Congress Slams Tech Firms on Censorship in China. Yahoo, Google, Microsoft, and Cisco all testified before a Congressional committee on their services that are used to censor speech and identify dissidents in China. Both Republicans and Democrats strongly criticized the companies' actions, and have proposed legislation (pdf) and trade pressure to discourage U.S. companies from aiding Chinese speech suppression. China has a long record of human rights abuses, including prohibitions on anonymous Internet use and censorship of the press and the Internet. For more information, see Privacy and Human Rights 2004 on China and Filters and Freedom 2.0. (Feb. 16)
  • American Bar Association Says Unlawful Surveillance Should Stop. A new report (pdf) from the American Bar Association calls on the President to abide by constitutional checks and balances, and to end electronic surveillance inside the United States that does not comply with the Foreign Intelligence Surveillance Act. The Association overwhelmingly supported the report, which also urged the Congress to undertake comprehensive investigations. More information at the EPIC FISA page. (Feb. 15)
  • SSNs, Other Data Should Be Scrubbed from Court Files. In comments to the federal judiciary, EPIC called for changes to procedural rules to shield personal information in court files from commercial data brokers. Commercial data brokers employ stringers to harvest personal information from court files, and then resell the information. Court files are becoming the fuel for dossier-building on Americans, and courts must accept the responsibility for shielding data from misuse. For more information, see EPIC's Public Records and Commercial Data Broker Pages. (Feb. 15)
  • New Anti-Identity Theft Resource for Katrina/Rita Victims. The Electronic Privacy Information Center has prepared an easy to use resource guide for those affected by the devastation of last year's hurricane season. This resource provides guidance to evacuees on ordering their free credit reports, what to do if they suspect identity theft, and the best means of protecting themselves from identity thieves. (Feb. 14)
  • UK Moves Toward Mandatory ID. The House of Commons has voted to require that all Britons seeking passports also obtain a government-issued identity card that would include biometrics such as a scanned fingerprint or a digital iris image. Privacy advocates, including Privacy International have vigorously opposed the plan. A report by leading academics (pdf) from the London School of Economics indicates that the ID scheme will be costly, inefficient, and easily subverted. The proposal goes next to the House of Lords. More information at EPIC's National ID page. (Feb. 14)
  • EPIC Supports Privacy for WHOIS Records. In comments to the ICANN on the "Preliminary Task Force Report on the Purpose of Whois," EPIC has urged the adoption of a policy that would make Whois data (the listing of those who register Internet domains) only available to "provide information . . . related to the configuration of the records associated with the domain name within a DNS nameserver." EPIC cited the original purpose of Whois and the growing risk of identity theft. EPIC specifically opposed a proposal that would make Whois data available for broader purposes, such as law enforcement and copyright investigations. More information at EPIC Whois and Identity Theft pages. (Feb. 13)
  • FCC Initiates Phone Records Security Rulemaking. The Federal Communications Commission has approved (pdf) EPIC's petition calling upon the agency to create heightened security protections for telephone calling records. FCC Chairman Martin said, "I support this Notice because I am deeply concerned about reports of companies trafficking in personal telephone records?" For more information, see EPIC's Illegal Sale of Phone Records Page. (Feb. 10)
  • Security Concerns Ground Secure Flight. The head of the Transportation Security Administration told a congressional committee today that Secure Flight has been suspended for a comprehensive review of the program's information security measures. Testimony (pdf) from the General Accountability Office revealed that TSA approved Secure Flight to become operational in September, despite inconclusive risk assessments and 144 known security vulnerabilities. "TSA may not have proper controls in place to protect sensitive information," the GAO said. For more information, see EPIC's Secure Flight page. (Feb. 9)
  • EPIC Testifies in Senate on Phone Records. In testimony (also available in pdf) before the Senate Commerce Committee, EPIC Executive Director Marc Rotenberg called for a ban on the sale of communications records, as well as a ban on "pretexting," the practice of using false pretenses to trick a company into releasing personal information. EPIC noted that in addition to phone records, the records of PO Box owners and dating service users are susceptible to unauthorized disclosure and pretexting. Rotenberg also called for limitations on the information collected and stored by communications companies, and stronger security measures for stored information. For more information, see EPIC's Illegal Sale of Phone Records page. (Feb. 8)
  • EPIC Files Second Lawsuit for NSA Surveillance Documents. In a Freedom of Information Act complaint (pdf) filed today in federal court, EPIC is seeking the release of National Security Agency documents detailing the Administration's warrantless domestic surveillance program. EPIC filed a similar lawsuit (pdf) last month against the Department of Justice, which has played a key role in authorizing, implementing and overseeing the NSA's warrantless surveillance activities. A hearing in that case is scheduled for February 10. For more information, see EPIC's Domestic Surveillance FOIA page. (Feb. 6)
  • Hearings Begin on Domestic Surveillance Program. The Congress began historic hearings today on the President's domestic spying program. The Attorney General will testify before the Senate Judiciary Committee about the legality of wiretapping US citizens without judicial approval. EPIC has compiled extensive resources on domestic surveillance, and has prepared a report on the legality and cost of the NSA Secret Eavesdropping Program. EPIC makes available the full text of the Foriegn Intelligence Surveillance Act in its Privacy Law Sourcebook. EPIC is also seeking the disclosure of government records that explain the legal basis for the program. Members of the Judiciary Committee have made similar requests. See EPIC's Domestic Surveillance Resources. (Feb. 6)
  • Acxiom Proposed Massive Web Monitoring Plan. Documents (pdf) obtained by EPIC under the Freedom of Information Act show that commercial data broker Acxiom proposed a system to automatically scan the Internet and identify websites "belonging to advocates of extremist views and actions..." The plan proposed to extract personal information from websites and use it for "cross-reference analysis to establish possible connections between extremist groups" and to collect data for an "Identity Verification System to be used by airlines, rental car agencies, and other business and government agencies." For more information, see EPIC's Commercial Data Broker page. (Feb. 2)
  • Court Upholds Air Travel ID Requirement. The Ninth Circuit Court of Appeals recently ruled (pdf) for the government in Gilmore v. Gonzales, a case that challenged an unpublished federal rule requiring passengers to show ID before boarding commercial airplanes. EPIC filed a "friend of the court" brief (pdf) in the case, stating that secret law violates constitutional due process rights. For more information, see EPIC's Passenger Profiling page. (Feb. 2)
  • EPIC Testifies on Pretexting and Phone Record Sales. EPIC Executive Director Marc Rotenberg testified (pdf) before the House Energy and Commerce Committee on the sale of personal phone records. EPIC called for laws that would ban pretexting (a technique used by data brokers to obtain personal information), as well as enhanced security procedures, and restrictions on the collection of customer data. "A ban on pretexting will protect consumers and make it clear to online information brokers that pretexting is unfair, deceptive, illegal, and wrong," said Rotenberg. FCC Chairman Kevin Martin and FTC Commissioner John Liebowitz also testified at the hearing, and urged stronger safeguards for phone records. For more information, see EPIC's Illegal Sale of Phone Records page. (Feb. 1)
  • EPIC Urges CDC to Limit Passenger Data Collection. EPIC said in comments (pdf) to the Centers for Disease Control and Prevention that it should limit a proposed rule that would require airline and shipping industries to gather passenger information, maintain it electronically for at least 60 days, and release it to the CDC within 12 hours of a request. EPIC urged the CDC to narrow the scope of data collected to that which is necessary and set strict security standards to keep passenger data secure from unauthorized access and misuse. The CDC also should require the clear and open disclosure that travelers can refuse to submit their information without facing penalties, EPIC said. For more information, see EPIC's Medical Privacy page. (Jan. 31)
  • Spotlight: Legality of NSA's Eavesdropping Program Is Suspect. This month, the National Security Agency, the largest intelligence organization in the federal government, is under the Spotlight. The NSA was created to conduct international surveillance - to intercept and analyze phone calls, e-mails, faxes and other communications, searching for threats to national security. Last month, it was revealed that President Bush had issued an order in 2002 allowing the NSA unprecedented power to conduct domestic surveillance. However, it is unlikely that the president has the legal authority to authorize such a program, according to the nonpartisan Congressional Research Office (pdf) and legal experts (pdf). For more information, see EPIC's Spotlight on Surveillance and FISA pages. (Jan. 31)
  • FTC Fines Choicepoint for $15 Million in Consumer Privacy Case Following EPIC Complaint. The Federal Trade Commission has announced a settlement (pdf) with data broker Choicepoint, under which the company will pay $10 million to the Commission and $5 million to redress consumer harms. It is the largest civil penalty in FTC history. The Commision accused (pdf) Choicepoint of violating consumers' privacy rights and federal law through its shoddy security measures and record-handling procedures. Choicepoint will also have to institute better security procedures and be audited by an independent security firm every two years until 2026. The settlement does not, however, resolve EPIC's 2004 complaint that Choicepoint has been selling personal information outside of Fair Credit Reporting Act protections. For more information, see EPIC's Choicepoint page. (Jan. 26)
  • EPIC Sues Justice Department for Domestic Surveillance Documents. Today EPIC filed a Freedom of Information Act lawsuit (pdf) against the Department of Justice, asking a federal court to order the disclosure of information about the Administration's warrantless domestic surveillance program within 20 days. The Justice Department has played a key role in authorizing, implementing and overseeing the National Security Agency's domestic surveillance activities. EPIC argues in its court papers (pdf) that the debate surrounding the program "cannot be based solely upon information that the Administration voluntarily chooses to disseminate." For more information, see EPIC's press release and Domestic Surveillance FOIA page. (Jan. 19)
  • EPIC Comments on Junk Fax Law. In comments (also available in pdf) to the Federal Communications Commission, EPIC recommended protections to shield individuals against junk faxes. Congress recently passed the Junk Fax Prevention Act, which requires senders of unsolicited commercial fax messages to broadcast privacy notices and instructions on how to opt out. For more information, see EPIC's Junk Fax Page. (Jan. 18)
  • Company Halts Phone Records Sales. In a press release, the company first identified by EPIC as selling phone records illegally claims to have discontinued the service because it "concluded that continuing to provide the service would link it to disreputable companies who do not use any safeguards to protect against the potential dangers of this service." The company also posted a guide (pdf) to protect your records against pretexting. The company still offers "Post Office Breaks," and other personal information sales. For more information, see EPIC's Illegal Sale of Phone Records Page. (Jan. 18)
  • FCC Commissioners Call for Action on Phone Records. Federal Communications Commission Commissioners Adelstein and Copps released statements today calling for swift action to address the illegal sale of telephone records. Commissioner Adelstein announced (pdf) that they agency's enforcement bureau launched an investigation into "these troublesome data brokering practices, and I support swift action against carriers that have not complied with our existing rules and procedures." Commissioner Copps announced (pdf) that, "These incidents further highlight the need to act on the petition filed by the Electronic Privacy Information Center (EPIC) on enhanced security standards for access to consumer records." For more information, see EPIC's Illegal Sale of Phone Records Page. (Jan. 17)
  • EPIC Opposes Preemption of Junk Fax Laws. In comments (also available in pdf) to the Federal Communications Commission, EPIC argued that federal law should not supercede or "preempt" California's heightened protections against junk faxes. Junk faxes are unsolicited commercial facsimile messages. California law prohibits their transmission without affirmative consent from the recipient, but junk faxers are seeking to invalidate those rules. For more information, see EPIC's Junk Fax and Telemarketing Preemption Pages. (Jan. 17)
  • Senate Minority Leader Calls on FCC to Investigate Illegal Phone Sales. In a letter (200k pdf) to the Federal Communications Commission, Senator Harry Reid has called upon the agency to "begin an investigation into how online data brokers are obtaining Americans' private phone records, and whether phone companies are doing enough to protect the personal and private information with which they are entrusted." This letter follows numerous news reports that demonstrate the vulnerability of phone records to online data brokers, who for a fee will obtain calling logs. In July 2005, EPIC filed a complaint with the Federal Trade Commission detailing these practices, and identified 40 websites (3.8M pdf) that offered to sell phone records. EPIC also petitioned the Federal Communications Commission to require heightened protections for telephone records. For more information, see EPIC's page on EPIC's Illegal Sale of Phone Records Page. (Jan. 13)
  • Creation of National ID Card Will Be a Nightmare, Report Shows. State motor vehicle officials across the nation say it will be a nightmare to implement the REAL ID Act, a law passed in may that will turn driver's licenses into national ID cards. A comprehensive survey (pdf) concluded last August but recently obtained by the Associated Press revealed the costs of implementation have been vastly underestimated by the government, which initially put the total price at $100 million. According to the survey, Pennsylvania alone would spend $85 million on REAL ID. For more information, visit EPIC's National ID Cards and REAL ID Act page. (Jan. 13)
  • Government to Test E-Passports in San Francisco. The Department of Homeland Security will begin testing e-Passports on Sunday at San Francisco International Airport. The e-Passports contain Radio Frequency Identification chips, which transmit information wirelessly. Testing conducted last year revealed that "contactless" passports impede the inspection process, according to documents (pdf) recently obtained by EPIC under the Freedom of Information Act. EPIC has urged (pdf) the agency to abandon the use of such technology in passports because of significant security and privacy issues. For more information, see EPIC's RFID page. (Jan. 13)
  • EPIC Sues Justice Department for Misconduct Reports. EPIC filed suit (pdf) in federal court yesterday against the Department of Justice for reports of possible misconduct submitted by the FBI to the Intelligence Oversight Board. EPIC is also seeking documents from the Attorney General about possible misconduct within the intelligence community. Judge Colleen Kollar-Kotelly, the head of the Foreign Intelligence Surveillance Court, has been assigned to the case. EPIC has already obtained about twenty reports to the Intelligence Oversight Board through another Freedom of Information Act lawsuit that raise questions about compliance with federal law. For more information, see EPIC's Patriot Act FOIA page. (Jan. 11)
  • Illegal Phone Records Sales Poses Security Risks. The Chicago Police Department has warned officers that private investigators may access and sell their telephone calling records, according to the Chicago Sun-Times. EPIC has filed a complaint with the Federal Trade Commission concerning these practices, and a petition with the Federal Communications Commission to require phone companies to enhance their security safeguards. To protect your privacy, ensure that your phone account is in your name, and call your phone company to place a password on your account. For more information, see EPIC's Illegal Sale of Phone Records Page. (Jan. 5)
  • First NSA Documents on Spy Scandal Released. EPIC has obtained the first Freedom of Information Act documents released by the National Security Agency on its controversial surveillance program. The documents, which are internal messages (pdf) from the agency's director to staff, defend the NSA's warrantless eavesdropping and discourage employees from discussing the issue with the news media. (Jan. 4)