Previous Top News: 2017

  • . The Pew Research Center has released a report on "What the Public Knows About Cybersecurity." According to the Pew survey, 75% of respondents could identify the strongest password out of four options. About half of the people who took the survey could identify a phishing attack; a similar number knew what ransomware is. Only 16% answered that "a group of computers that is networked together and used by hackers to steal information" is called a "botnet." EPIC maintains an Online Guide to Practical Privacy Tools and resources on Public Opinion and Privacy. (Mar. 22, 2017)
  • . EPIC has sent a letter to the Senate Commerce Committee concerning "The Promises and Perils of Emerging Technologies for Cybersecurity." EPIC urged the Committee to support "Algorithmic Transparency," an essential strategy to make accountable automated decisions. EPIC also pointed out the "significant privacy and security risks" of the Internet of Things. EPIC has been at the forefront of policy work on the Internet of Things and Artificial Intelligence, opposing government use of "risk-based" profiling, and recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices. (Mar. 22, 2017)
  • . Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the "Security and Privacy in Your Car Act of 2017." The SPY Car Act would establish cybersecurity and privacy standards for new passenger vehicles, and establish a privacy rating system. A 2014 report from Senator Markey "detailed major gaps in how auto companies are securing connected features in cars against hackers." The bill would also prevent the use of driver data for marketing purposes without consent. In 2015 EPIC testified before Congress on the need for privacy and safety safeguards for connected vehicles. In 2016 EPIC filed an amicus brief in federal appeals court to protect consumers in cases involving connect vehicles. (Mar. 22, 2017)
  • . EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners. (Mar. 22, 2017)
  • . In a letter to DHS Secretary Kelly and Attorney General Sessions, EPIC and a coalition of 25 open government organizations expressed concerns about the lawfulness and objectivity of data practices under several recent immigration Executive Orders. Official memos reveal the Orders are being implemented in "manner that is unlawful and inconsistent with federal information quality guidelines, raising serious privacy, transparency, and accountability concerns." The coalition urged Secretary Kelly and the Attorney General to align data practices with privacy safeguards, open data, and data quality requirements. "Public data allows the public to hold its government accountable - but that is only possible if government information is released in a complete, consistent, unbiased, and open manner," the group stated. Earlier this year, EPIC also collaborated with other open government advocates to push for greater transparency in federal dispute resolution services and to preserve access to government information online. (Mar. 22, 2017)
  • . EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Mar. 21, 2017)
  • . Following Director James Comey's confirmation of the FBI investigation into ties between Russia and Trump's presidential campaign, the FBI asked to delay EPIC's FOIA lawsuit against the agency. In EPIC v. FBI, EPIC seeks public release of records pertaining to the Russian interference with the 2016 Presidential election. Yesterday, in an open hearing before the House Select Intelligence Committee, Comey acknowledged for first time that the FBI is investigating possible coordination between the Trump campaign and Russia's interference in the election. Following the testimony, the FBI immediately asked the court for more time file a schedule for processing the FOIA request in EPIC's case against the FBI. EPIC is simultaneously pursuing a FOIA appeal with the DOJ, pressing the agency to reveal the existence of any applications to wiretap Trump Tower. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election, and a new EPIC project, the EPIC Cybersecurity and Democracy Project, will focus on US cyber policies. (Mar. 21, 2017)
  • . EPIC has filed a complaint with the Consumer Financial Protection Bureau over the use of automobile "starter interrupt devices." The EPIC complaint alleges that companies use these devices to "monitor borrowers' real-time location, limit borrowers' movements to prescribed boundaries via geo-fencing technology, and disable vehicles in remote or dangerous locations" in violation of the Consumer Financial Protection Act. EPIC has asked the Bureau "to enjoin their unfair and abusive practices." In testimony, and detailed comments, and letters. EPIC has urged Congress to adopt privacy and safety standards for connected vehicles. EPIC has also submitted comments to the CFPB on debt collection practices and publication of consumer complaint narratives. (Mar. 21, 2017)
  • . EPIC has appealed the DOJ’s decision to “neither confirm nor deny" the existence of a FISA application to monitor Trump Tower. Following tweets by the President alleging that President Obama "had [his] wires tapped in Trump Tower,” EPIC submitted an urgent FOIA request with the DOJ’s National Security Division for public release of any FISA applications for wiretapping Trump Tower. In response, the DOJ stated on Friday that "we can neither confirm nor deny the existence of records in these files responsive to your request." Yet, in today’s hearing before the House Select Committee on Intelligence, FBI Director James Comey stated that both the FBI and the DOJ had “no information to support those tweets.” EPIC has appealed the agency's response to the FOIA request, stating "Based on the FBI Director’s statement today... the agency may not hide behind the “neither confirm nor deny" response," and the "agency should immediately process EPIC’s FOIA Request." The heads of the Senate and House Intelligence committees have also publicly rejected the allegations, along with House Speaker Paul Ryan. EPIC will continue to press the DOJ for release of the information. (Mar. 20, 2017)
  • . EPIC has sent a letter to the House Intelligence Committee for a hearing on "Russian Active Measures Investigation," during which FBI Director James Comes will testify. EPIC described a FOIA request with the Department of Justice for the public release of any applications filed under "FISA" for wiretapping Trump Tower. This past Friday, DOJ responded to EPIC stating it can neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. EPIC also described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated." (Mar. 20, 2017)
  • . In a letter to the Senate Judiciary Committee, EPIC has urged Senators to question Supreme Court nominee Neil Gorsuch on a wide range of privacy, First Amendment, open government, and consumer protection issues. Judge Gorsuch’s views on these subjects could have "far-reaching implications" for “the future of privacy in the digital era," EPIC wrote. The letter from EPIC emphasized that "[t]hese issues could not be more timely” given recent allegations by the President “that he was the target of government surveillance"—a claim that is the target of an EPIC freedom of information request. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts. The Senate hearing will be webcast on C-SPAN Monday at 11:00 am EDT. (Mar. 20, 2017)
  • . In a letter to EPIC, the Department of Justice’s National Security Division stated it will neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. After the President has charged that President Obama "had [his] wires tapped in Trump Tower,” EPIC filed an urgent FOIA request with the DOJ for the public release of any applications filed under "FISA" for wiretapping Trump Tower. In response to EPIC’s FOIA request, the DOJ has stated, "we can neither confirm nor deny the existence of records in these files responsive to your request." EPIC will challenge the agency's determination. The Senate Select Committee on Intelligence released a bipartisan statement rejecting the allegations, and House Speaker Paul Ryan stated on Thursday they have "seen no evidence" of wiretapping. EPIC also filed a related request for five categories of FISA applications related to the alleged surveillance of the Trump team. The DOJ provided the same response to EPIC to that request. (Mar. 18, 2017)
  • . President Trump’s proposed budget reveals a $61 million increase in FBI funds dedicated to fighting encryption. The newly released budget for Fiscal Year 2018 directs the FBI to invest “$61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors’ use of encrypted products and services.” The FY2017 budget set aside $38 million to FBI anti-encryption technology and research. EPIC has advocated for strong encryption since its founding, and consistently pushed back against efforts to weaken the technology. EPIC also published the first comprehensive survey of encryption use around the world. (Mar. 17, 2017)
  • . The International Working Group on Data Protection in Telecommunications adopted new recommendations to improve the privacy and security of biometric identification online. The Berlin-based Working Group includes Data Protection Authorities and experts who work together to address emerging privacy challenges. The "Working Paper on Biometrics in Online Authentication )" explains that “biometrics in online authentication offers one possibility to address some of the shortcomings” of conventional online passwords, but the “data protection and privacy risks” must be considered. Among their recommendations, the experts urge policymakers to support for “[p]roactive privacy tools,” and contend biometric authentication should “remai[n] an active choice by the user and not a condition of use.” EPIC will host the 61st meeting of the International Working Group in Washington DC in April 2017. (Mar. 17, 2017)
  • . EPIC has filed a "friend-of-the-court" brief in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC argued that withholding personal information is consistent with open government and constitutionally required. "Open government laws and privacy laws are complimentary: the aim is to maximize both the public's access to information about the government and to safeguard personal privacy to the greatest extent feasible," EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T. (Mar. 16, 2017)
  • . The Colorado General Assembly recently passed a bill that allows "ballot selfies," threatening voter privacy. Ballot selfies allow campaigns, employers, unions, and others to verify how an individual voted. But EPIC explained in "The Secret Ballot At Risk: Recommendations for Protecting Democracy" that the secret ballot — the inability to link particular voters to particular votes — is a cornerstone of modern democracies. The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. The secret ballot allows people to vote without fear of intimidation or retaliation. EPIC has a long history of working to protect voter privacy and election integrity. In a 2010 Supreme Court case, EPIC argued that disregard for voter privacy may unconstitutionally burden the right to vote. (Mar. 16, 2017)
  • . Senator Markey and Representative Welch today introduced the Drone Aircraft Privacy and Transparency Act of 2017. The Act would establish privacy safeguards to protect individuals from drone surveillance. The Drone Privacy Act requires publicly available data collection statements from operators and warrants for drone surveillance by law enforcement. "Drones flying overhead could collect very sensitive and personally identifiable information about millions of Americans, but right now, we don't have sufficient safeguards in place to protect our privacy," said Senator Markey. The Act includes privacy protections EPIC has proposed in statements to Congress and comments to federal agencies. In EPIC v. FAA, EPIC is challenging the failure of the FAA to protect the public from aerial surveillance. (Mar. 15, 2017)
  • . EPIC has sent a letter to the Senate Judiciary Committee for a hearing on "The Modus Operandi and Toolbox of Russia and Other Autocracies for Undermining Democracies Throughout the World." EPIC described two of its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions, as well as a pending FOIA request regarding the "wiretapping of Trump Tower." EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated." (Mar. 15, 2017)
  • . EPIC sent a detailed letter to the Senate Commerce Committee ahead of a hearing on drone deployment in the United States. Emphasizing the unique privacy risks of drones, EPIC explained that the FAA has failed to establish necessary safeguard. EPIC has sued the agency, arguing that is has failed to comply with Congressional directives, following a petition by EPIC hundreds of comments the agency receivedin support of privacy rules. EPIC also pointed out that the FAA has excluded privacy experts from the agency task force on drone policy. (Mar. 14, 2017)
  • . EPIC has announced the newest members of the EPIC Advisory Board. They are Jennifer Daskal, Robert Groves, Cathy O'Neil, Jennifer Mnookin, Erin Murphy, and James Waldo. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties issues. Professor Danielle Citron, author of "Hate Crimes in Cyberspace," was recently named Chair of the EPIC Board of Directors. Sherry Turkle and Shoshana Zuboff joined the Board of Directors. (Mar. 13, 2017)
  • . The House Committee on Education and the Workforce gave approval last week to a bill that would undermine the privacy protections guaranteed by the Genetic Information Nondiscrimination Act (GINA). The bill would condition health insurance discounts for wellness programs on whether an employee agrees to participate in genetic testing. Under GINA, employers may not penalize employees for keeping their genetic data private. DNA profiles and other genetic records contain particularly sensitive personal information that can impact employment decisions, insurance availability, and even criminal justice outcomes. EPIC supported GINA and has backed the right of individuals to control the use of their genetic data in numerous comments and cases. (Mar. 13, 2017)
  • . In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2017 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases. In 2016, EPIC obtained records detailing a Customs and Border Protection data mining program used to build "risk" profiles on travelers, unveiled two years' worth of statistical data showing the FBI's growing biometric identification program, and revealed the DEA's failure to conduct legally mandated privacy assessments in EPIC v. DEA. In the latest FOIA Gallery, EPIC also highlights two new FOIA lawsuits to uncover details of the Russian interference in the 2016 election case concerning electronic surveillance report, and the launch of EPIC's new course teaching the basics of the federal FOIA. (Mar. 10, 2017)
  • . The Justice Department's Office of Information Policy has released the 2016 Freedom of Information Act Litigation and Compliance Report. The report describes the DOJ's efforts in 2016 to ensure compliance with the open government law across the federal government, from issuing policy guidance to holding FOIA trainings. The agency also issued a list of FOIA cases where a court decision was rendered in 2016 and the amount of fees awarded by the court. EPIC tied for second (with the ACLU), behind the Public Employees for Environmental Responsibility, as the most successful FOIA litigator in the country, receiving court-ordered fee awards in three cases in 2016. In 2017, EPIC has already prevailed in a FOIA case against the FBI for public release of the agency's privacy assessments. Fees are anticipated in that case. For more information about EPIC's open government work, visit: https://epic.org/open_gov/. (Mar. 9, 2017)
  • . EPIC has asked the House Committee on Foreign Affairs to examine the risk to democratic institutions of cyber attack. EPIC described two recent Freedom of Information Act cases against the FBI and the ODNI to obtain records about the Russian interference with the 2016 US Presidential election. EPIC pointed to the upcoming federal elections in Europe and the need to safeguard democratic elections. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems, and foreign attempts to influence American policymaking. (Mar. 9, 2017)
  • . EPIC has filed an urgent FOIA request with the FCC for information on the recent meeting between FCC Chairman Ajit Pai and President Donald Trump. EPIC is seeking memos, briefing papers, emails, and talking points relating to the White House meeting that took place on March 6, 2017. EPIC said in the FOIA request that public disclosure of this is critical as President Trump has described the media, which is subject to FCC regulation, as the "enemy of the people." FCC Chair Pai also recently suspended parts of a broadband privacy order that protects Internet users from invasive tracking and profiling. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy. EPIC also has a long-standing petition before the FCC to end the mandatory retention of customer telephone records. (Mar. 9, 2017)
  • . EPIC has filed a FOIA lawsuit against the Department of Justice for information about the use of "risk assessment" tools in the criminal justice system. These proprietary techniques are used to set bail, determine criminal sentences, and even contribute to determinations about guilt or innocence. Many criminal justice experts oppose their use. EPIC has pursued several FOIA cases to promote "algorithmic transparency." The EPIC cases include passenger risk assessment, "future crime" prediction, and proprietary forensic analysis. The Supreme Court is now considering whether to take a case on the use of a secretive technique to predict possible recidivism. (Mar. 7, 2017)
  • . EPIC has sent a letter to the Senate Commerce Committee ahead of an FCC oversight hearing. EPIC urged the Committee to examine the FCC's role in online privacy. EPIC supports the FCC's broadband privacy rule. In fact, EPIC had urged the FCC to adopt a comprehensive privacy rule for all communications services, as suggested by FCC Chairman Pai. EPIC also brought to the Committee's attention an outdated FCC regulation that requires the bulk collection of telephone data of American consumers. In 2015, EPIC and many consumer privacy groups petitioned the FCC to repeal, but the Commission has yet to take any action. In the letter to the Senate, EPIC said the FCC should withdraw the anti-privacy, data retention regulation. (Mar. 7, 2017)
  • . EPIC has filed an urgent FOIA request with the Department of Justice for the release of the warrant for wiretapping the Trump Tower in New York city. The President has charged that President Obama "had [his] wires tapped in Trump Tower." EPIC has filed a formal Freedom of Information request of the public release of any applications filed under "FISA" for wiretapping in Trump Tower. Such an order would have been filed by the National Security Division of the Justice Department and approved by the Foreign Intelligence Surveillance Court. The complete text of the Foreign Intelligence Surveillance Act is available in the Privacy Law Sourcebook (EPIC 2016) at the EPIC Bookstore. (Mar. 6, 2017)
  • . EPIC and a coalition of children's advocates have filed a comment opposing petitions that ask the FCC to revoke its broadband privacy rules. The coalition urged the FCC to retain rules that treat children's data, web browsing histories, and app usage data as sensitive and to retain opt-in requirements for all categories of sensitive information. EPIC previously urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Mar. 6, 2017)
  • . In comments to the National Science Foundation on "Smart Cities and Communities Federal Strategic Plan", EPIC warned that they there were considerable risks to public safety and personal privacy. EPIC urged the NSF to prioritize cybersecurity, protect individual privacy, and minimize the collection of personally identifiable information. EPIC regularly submits comments to federal agencies on emerging civil liberties issues, including cybersecurity, consumer protection, and other privacy issues. (Mar. 3, 2017)
  • . EPIC has sent a letter to the House Committee on Oversight for a hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that "seeking to hide its decision making behind this cloak of secrecy." The House Committee has also criticized the agency's use of the SSI designation. EPIC also raised concerns about the eye scanning of US travelers at US airports as well as the TSA's statement that they will no longer accept drivers licenses from states that oppose "REAL ID". (Mar. 2, 2017)
  • . In advance of a hearing on "Cyber Strategy and Policy," EPIC has sent a letter to the Senate Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Mar. 2, 2017)
  • . In March 2016, EPIC and more than 20 civil society organizations urged European leaders to oppose adoption of the "Privacy Shield" for EU-US data flows. The NGOs wrote that the political agreement fails to provide sufficient data protection and does not respect the decision of the European Court of Justice in the Schrems case. The groups urged the US to make changes in domestic laws and international commitments to permit transfers of personal data to the US. The ACLU and Human Rights Watch have now also sent a letter asking Europe to reexamine Privacy Shield. At a hearing before the High Court of Ireland, EPIC Senior Counsel Alan Butler has made submissions in DPC v. Facebook highlighting weaknesses in US privacy law. (Mar. 2, 2017)
  • . EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memorandum of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit public release of the FBI's privacy assessments. (Mar. 2, 2017)
  • . In advance of a hearing on Section 702 of the Foreign Intelligence Surveillance Act, EPIC has sent a letter to the House Judiciary Committee urging increased transparency and new public reporting of the Government's surveillance activities. EPIC also highlighted that Section 702 is the central focus of multiple current legal challenges to international data transfer agreements occurring abroad. Section 702, which authorizes the bulk surveillance on the communications of non-U.S. persons, sunsets on December 31, 2017. EPIC testified before the Committee during the 2012 FISA reauthorization hearings. (Mar. 1, 2017)
  • . Today EPIC made submissions before the Irish High Court in Data Protection Commissioner v. Facebook, concerning privacy protections for transAtlantic data transfers. EPIC explained that "U.S. privacy law is characterized by particularly narrow conceptions of privacy and personal data, which in turn limit the scope of relevant constitutional, statutory, and regulatory privacy protections." EPIC also stated, "many of the privacy safeguards under U.S. law in fact operate to the exclusion of E.U. citizens" and that the "standing" doctrine is an overarching barrier to legal redress. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all. [Press Release] (Mar. 1, 2017)
  • . In advance of a hearing on "Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities," EPIC has sent a letter to the House Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 28, 2017)
  • . EPIC has sent a statement to the Senate Select Committee on Intelligence outlining the key government transparency and cybersecurity challenges the next Director of National Intelligence will confront. The Committee meets today to consider the nomination of Sen. Dan Coats for the position. EPIC commended former Director Clapper's progress on oversight and transparency and urged the Committee to seek assurance from Sen. Coats that his office will continue that work. EPIC also warned that over classification remains an issue that frustrates government accountability. EPIC informed the Committee that EPIC has filed suit against the ODNI for public release of the Complete Assessment of the Russian interference in the 2016 election. In the unclassified report, former Director Clapper said that the Russians conducted a "multi-faceted" attack on the 2016 election. (Feb. 28, 2017)
  • . EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration concerning drone surveillance. EPIC charged that the FAA's failure to establish privacy rules for commercial drones is a violation of law. The EPIC lawsuit is based on an Act of Congress requiring a "comprehensive plan" for drone deployment in the United States and a petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. EPIC stated that “As the FAA has refused to issue any privacy-related rules and refused to conduct a comprehensive rulemaking, contrary to the FAA Modernization Act and to EPIC's Rulemaking Petition, the Court must now order the agency to do so.” The case is EPIC v. FAA, No. 16-1297. (Feb. 28, 2017)
  • . Congressman Frank Pallone has asked the U.S. Government Accounting Office to study the harms of eliminating rules that protect consumer privacy. "With the near universal use of the internet, and the rapid expansion of connected devices, corporations now have more information about American consumers than ever before," Pallone wrote in his letter. "It is, therefore, more important than ever that Americans' privacy and security be protected online." Pallone asked the GAO to report on whether the "notice and choice" approach to privacy regulation works, what challenges consumers face in protecting their information, and how the FCC, FTC, and other agencies approach privacy regulation. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy. EPIC also explained in comments to the FTC and FCC and in testimony before Congress that "notice and choice" is insufficient to protect consumer privacy. (Feb. 27, 2017)
  • . Yahoo has responded to a letter from Senators John Thune (R-SD) and Jerry Moran (R-KS) inquiring into data breaches that exposed over a billion user records in 2013 and 2014. Yahoo said in its response that it has notified users affected by the breaches, required users who had not changed their passwords since 2014 to do so, and encouraged all users to review their passwords and security questions. Yahoo's letter also discussed the steps the company has taken to improve its security program. EPIC testified in support of strong data breach notification laws in 2009 and 2011, launched "Data Protection 2016" to make privacy a campaign issue and recently filed an amicus brief to protect the ability of consumer to sue companies that fail to protect their personal information. (Feb. 24, 2017)
  • . In comments to Office of Government Information Services, EPIC and a coalition of open government groups urged greater transparency for dispute resolutions. The coalition wrote that a proposed rule "would impose restrictive confidentiality requirements." The coalition proposed revisions that "do not place restrictive confidentiality requirements on requesters" who use dispute resolution services. EPIC routinely advocates on behalf of open government and transparency. Earlier this month, EPIC and a coalition called on the Office of Management and Budget to preserve public access to online government information. EPIC also recently prevailed in EPIC v. FBI, a Freedom of Information Act lawsuit for public release of the FBI's privacy assessments. (Feb. 24, 2017)
  • . The International Conference of Data Protection & Privacy Commissioners is seeking submissions by April 21, 2017 for the inaugural Global Privacy and Data Protection Awards. Entries are invited for research, dispute resolution, education and advocacy, and use of online tools. Winning entries will be announced at the 39th annual Privacy Commissioners conference in Hong Kong in September 2017. EPIC has organized more than a dozen Public Voice events in conjunction with the annual meetings of the Privacy Commissioners to encourage civil society participation in decisions concerning the future of the Internet. EPIC also gives out the Champion of Freedom Awards at the Computers, Privacy and Data Protection Conference in Brussels and the EPIC Awards Dinner in Washington, DC. (Feb. 24, 2017)
  • . The U.S. Supreme Court will hear arguments Monday in Packingham v. North Carolina. At issue is a state law that bars people listed in a sex offender registry from accessing any commercial website that allows users under 18 to create profiles and communicate online. The North Carolina ban covers major news sites such as the New York Times and CNN. Packingham was convicted for posting "Good is God" on Facebook after a traffic ticket was dismissed. EPIC filed a "friend-of-the-court" brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations, EPIC explained that the law violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread government monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. Reed, Watchtower Bible v. Stratton, and Los Angeles v. Patel. (Feb. 24, 2017)
  • . The FBI has filed an answer to EPIC's Freedom of Information Act lawsuit for records pertaining to the Russian interference with the 2016 Presidential election. In the answer, the FBI acknowledged receipt of EPIC's FOIA request. EPIC filed suit against the FBI in federal district court after the agency failed to make a timely decision concerning EPIC's request for expedited processing of the FOIA request. The parties will next confer to set a schedule for production of documents and briefing, if necessary. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 23, 2017)
  • . As a result of a Freedom of Information Act request, EPIC has obtained over 650 pages about DHS's immigration enforcement priorities. The documents detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. EPIC recently submitted two new urgent FOIA requests to DHS, the first about DHS plans to step up social media monitoring and a second to reveal the agency's compliance with recent immigration court orders. This week, EPIC also prevailed in a FOIA lawsuit for public release of privacy assessments the FBI is required to prepare. (Feb. 23, 2017)
  • . The Article 29 Working Party, an expert group of European privacy officials, has raised concerns over a provision in the immigration Executive Order that would limit Privacy Act protections. The Working Party is seeking assurance from the US that the change will not threaten the privacy rights of non-US citizens established in the "Privacy Shield" and the Umbrella Agreement. EPIC is currently participating in Data Protection Commissioner v. Facebook, a case following a landmark decision that found insufficient legal protections for the transfer of European consumer data to the US. (Feb. 22, 2017)
  • . EPIC has prevailed in EPIC v. FBI, a case involving a Freedom of Information Act request for privacy assessments the FBI is required to prepare. EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for the assessments. EPIC subsequently challenged the adequacy of the agency's search for responsive documents and the FBI's claim that record could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." Today, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims. (Feb. 21, 2017)
  • . Sen. Ron Wyden (D-OR) has asked the Department of Homeland Security to explain reports of Customs and Border Patrol agents demanding access to Americans' locked phones at U.S. borders. Wyden said that "These digital dragnet border search practices weaken our national and economic security." EPIC awarded Sen. Wyden the EPIC Champion of Freedom Award in 2013. EPIC's 2017 awards dinner will be held on June 5, 2017 honoring Carrie Goldberg, Garry Kasparov, and Judge Patricia Wald. EPIC has also submitted FOIA requests to the DHS regarding the agency's policies for searches of social media. (Feb. 21, 2017)
  • . The German Federal Network Agency has told parents to destroy the "My Friend Cayla" doll, an internet-connected doll that spies on young children. The toy is illegal under German privacy law because it is a "concealed listening device," according to the agency. EPIC and several consumer organizations filed a complaint with the Federal Trade Commission alleging that the doll violates U.S. privacy law. EPIC's complaint spurred a congressional investigation, and toy stores across Europe have removed Cayla from their shelves and are offering refunds to parents who purchased the toys. However, the Federal Trade Commission has failed to act on the complaint and U.S. families continue to purchase the doll that surreptitiously monitors children's communications. (Feb. 17, 2017)
  • . A coalition of human rights groups is urging the UN to investigate reports that the US is demanding entrants provide access to their cell phones and social media accounts. "These practices persist in violation of the United States human rights treaty obligations and your action is needed to hold the government accountable," the group stated in a letter to the the UN High Commissioner on Human rights and other UN offices. EPIC recently submitted an urgent request for disclosure of DHS plans to step up social media monitoring, and previously prevailed in a lawsuit against the agency to reveal records of its monitoring programs. EPIC's Privacy Law Sourcebook 2016, available in the EPIC bookstore, provides an overview of privacy frameworks around the world and tracks emerging privacy challenges. (Feb. 16, 2017)
  • . EPIC and a coalition of consumer groups sent a letter to the Federal Trade Commission recommending 10 steps the agency should take to protect consumers and promote competition in 2017. "American consumers today are at great risk of identity theft, financial fraud, and data breaches," the coalition wrote, arguing that "proactive efforts to strengthen data protection will spur innovation and support business models that are sustainable over time." The letter asks the FTC to increase its enforcement efforts, promote transparency, and pursue actions based on unfairness instead of relying on "notice and choice." EPIC has consistently urged the FTC to exercise its full authority in protecting consumers. EPIC has also filed numerous consumer privacy complaints with the FTC, including a recent complaint about "toys that spy." (Feb. 16, 2017)
  • . EPIC has sent a letter to a House committee on Digital Commerce and Consumer Protection for a hearing on "Self-Driving Cars: Road to Deployment," urging the establishment of privacy and safety measures for connected cars. EPIC warned that connected vehicles raise substantial risks for consumers. EPIC explained that voluntary guidance and self-regulation do not provide meaningful protection. EPIC has testified before Congress and submitted detailed comments on the need for privacy and safety standards for connected vehicles. (Feb. 15, 2017)
  • . EPIC has sent letters to two Senate Committees investigating Russian interference with the 2016 Presidential Election. In letters to the Senate Judiciary Committee and Senate Foreign Relations Committee EPIC described two Freedom of Information Act cases against the FBI and the ODNI to obtain records about the scope of activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to understand the cyber threat to democratic elections. (Feb. 13, 2017)
  • . EPIC and a coalition of over sixty organizations urged the Office of Management and Budget to preserve access to government information online. In a letter, the coalition called on OMB to ensure agencies give the public notice required by law before removing information. The coalition warned that agencies have begun removing information on topics "such as animal welfare, individuals with disabilities, climate change, and more from their websites." EPIC routinely advocates on behalf of open government and transparency. EPIC is currently pursuing two Freedom of Information Act lawsuits for records related to the Russian interference in the 2016 Presidential election. (Feb. 13, 2017)
  • . In advance of a hearing on "Strengthening U.S. Cybersecurity Capabilities," EPIC has sent a letter to the House Science Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. (Feb. 13, 2017)
  • . Several states across the U.S., including Michigan, Montana, North Carolina, and Ohio, recognized international Data Privacy Day, held annually on January 28 to commemorate the first international treaty for privacy and data protection. State efforts to raise awareness about privacy and other consumer protection issues are published monthly in The State Center Consumer Protection Report. The Report also noted that Mississippi is pursuing legal action against Google over student data collected from public schools. The lawsuit accuses Google of collecting students' personal information and search history for its own business interests in violation of the Mississippi Consumer Protection Act. (Feb. 10, 2017)
  • . In a letter to DHS Secretary Kelly, Senator Markey (D-MA) and five other Senators pressed DHS about the impact of an Executive Order limiting federal Privacy Act protections. "These Privacy Act exclusions could have a devastating impact on immigrant communities and would be inconsistent with the commitments made when the government collected much of this information," the Senators contended. The Senators also called on Secretary Kelly to explain the Order's impact on international commitments that permit U.S. firms to obtain access to the data of European consumers. EPIC is participating in Data Protection Commissioner v. Facebook, a case which follows a landmark decision that found insufficient legal protections for the transfer of European consumer data to the United States. (Feb. 9, 2017)
  • . EPIC has submitted an urgent FOIA request to the Department of Homeland Security about aerial surveillance, social media monitoring and ID theft following statements made by DHS Secretary John Kelly in a Congressional hearing on Homeland Security. The Secretary described plans to expand the use of "aerostats" (surveillance blimps) and monitoring of social media. The Secretary also stated that he has been a victim of data breach. The EPIC FOIA request follows earlier cases brought by EPIC which revealed efforts by the DHS to expand aerial surveillance within the United States, develop techniques for "pre-crime" detection, interrupt Internet service, as well as the impermissible monitoring of social media services and news organizations. (Feb. 8, 2017)
  • . The Pew Research Center has released a report, "Code-Dependent: Pros and Cons of the Algorithm Age." The Pew report discusses the impact that experts expect algorithms to have on individuals and society. Among the themes in the report are the biases and lack of human judgment in algorithmic decisionmaking and the need for "algorithmic literacy, transparency, and oversight." EPIC has promoted "Algorithmic Transparency" for many years and has proposed two amendments to Asimov's Laws of Robotics that would require autonomous devices to reveal the basis of their decisions and their actual identity. (Feb. 8, 2017)
  • . In a recent speech, Acting Federal Trade Commission Chairwoman Maureen Ohlhausen outlined her priorities for consumer protection. Ohlhausen recognized that "a notice-and-choice approach to privacy may not adequately protect consumers" but advocated a market-focused "harms-based approach" to privacy. She pointed to recent settlements with Ashley Madison and Eli Lilly as cases involving significant non-financial harm to consumers. Ohlhausen also proposed making the results of all FTC data security investigations public, not only those that result in enforcement actions. EPIC supports increased transparency in FTC actions but has explained in comments to the FTC and FCC and in testimony before Congress that "notice and choice" and "harms based" approaches are insufficient to protect consumer privacy. (Feb. 6, 2017)
  • . The Federal Trade Commission has reached a $2.2 million settlement with smart TV manufacturer VIZIO over the company's tracking of consumers' viewing habits without their knowledge or consent. The FTC's complaint alleged that VIZIO's collection and sale of viewing data was unfair and deceptive, and the settlement agreement requires the company to delete all viewing data. EPIC previously filed a complaint with the FTC over Samsung's smart TV data collection practices, including surveillance of consumers' private conversations. EPIC has also defended the privacy of consumers' TV viewing habits in a federal court case involving the Video Privacy Protection Act. (Feb. 6, 2017)
  • . This week the case Data Protection Commissioner v. Facebook, concerning privacy protection for transAtlantic data transfers, begins in Ireland. The case follows a landmark decision which found insufficient legal protections for the transfer of European consumer data to the United States. Mr. Schrems, an Austrian privacy advocate, now challenges Facebook's "standard contractual clauses" as failing to protect privacy. The Irish High Court designated EPIC as the US NGO amicus curiae in the case. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all. (Feb. 6, 2017)
  • . EPIC has filed an urgent FOIA request with the Department for Homeland Security for further information about a DHS press release on "Compliance With Court Orders And The President's Executive Order." The DHS Press Release follows an Executive Order on entry to the United States and a series of court decisions suspending the Order. EPIC is now seeking details about the DHS's activities, including communications with other agencies, communications with airlines, and legal memos supporting the agency's actions. The Inspector General of DHS also announced an investigation to review "allegations of individual misconduct on the part of DHS personnel." EPIC cited both an "urgency to inform the public" and "exceptional media interest" in questions about the "government's integrity" in support of the request for expedited processing. EPIC will continue to press the DHS for prompt release of the documents sought. More information about EPIC's FOIA work is available on the FOIA Case page. (Feb. 3, 2017)
  • . Congress is scheduled to consider the "Email Privacy Act" (H.R. 387) next week. The bill passed the House 419-0 last session. The Act amends the Electronic Communications Privacy Act of 1986 to extend the warrant requirement to communications stored for more than 180 days. An earlier version of the the Act would have required notice of email searches to the user, with some exceptions. EPIC has recommended several other ECPA updates, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Feb. 3, 2017)
  • . EPIC sent a letter to a House Subcommittee on Communications and Technology in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing recent examples of hacks of devices, including home locks and cars, connected to the internet. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC warned of growing risks to consumer safety and public safety. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices. (Feb. 2, 2017)
  • . As a result of a Freedom of Information Act request, EPIC obtained documents detailing a DOJ and White House meeting with top industry representatives to help combat ISIL's online influence. The February 2016 meeting, called the "Madison Valleywood Project," convened a range of industry members to "collaborate in generating and amplifying compelling content that would undermine ISIL's online messaging and recruitment efforts." A series of slides set the stage for the project, proposing counter strategies like "disrupting their digital landscape" and encouraging use of data metrics to track success. EPIC routinely pursues FOIA requests and lawsuits to improve government oversight and accountability. In 2012, EPIC prevailed in a lawsuit against DHS revealing the agency's social media monitoring policies, including instructions to analysts to monitor criticism of the agency. More information about EPIC's FOIA work is available on the FOIA Case page. (Jan. 31, 2017)
  • . The President has issued an executive order requiring every new regulation to be offset by the repeal of at least two existing regulations. The Order could directly impact rules that safeguard consumers against data breach, financial fraud, and identity theft. EPIC has also recommended new public safety regulations concerning aerial drones, connected vehicles, and the Internet of Things. In EPIC v. FAA, EPIC is challenging the failure of the agency to protect the public from aerial surveillance. (Jan. 31, 2017)
  • . Through a Freedom of Information Act lawsuit, EPIC has obtained several memorandum of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." Last year, EPIC filed extensive comments scrutinizing the FBI's proposal to remove Privacy Act safeguards from the Bureau's massive biometric database known as "Next Generation Identification." EPIC also lead a coalition effort urging Congress to hold an oversight hearing on the FBI database. The case is EPIC v. FBI, No. 16-2237 (D.D.C. filed Nov. 10, 2016) (Biometric Data Transfer Agreements). (Jan. 30, 2017)
  • . The Aspen institute released a report on the Artificial Intelligence workshop on connected cars, healthcare, and journalism. "Artificial Intelligence Comes of Age" explored issues at "the intersection of AI technologies, society, economy, ethics and regulation." The Aspen report notes that "malicious hacks are likely to be an ongoing risk of self-driving cars" and that "because self-driving cars will generate and store vast quantities of data about driving behavior, control over this data will become a major issue." The Aspen report discusses the tension between privacy and diagnostic benefits in healthcare AI and describes "some of the alarming possible uses of AI in news media." EPIC has promoted Algorithmic Transparency and has been at the forefront of vehicle privacy through testimony before Congress, amicus briefs, and comments to the NHTSA. (Jan. 30, 2017)
  • . On January 28, EPIC celebrates International Privacy Day, which commemorates Convention 108, the first international treaty for privacy and data protection. EPIC and consumer organizations have urged the United States to ratify the International Privacy Convention. NGOs and Privacy experts have also expressed support for the Madrid Declaration, a substantial document that reaffirms international instruments for privacy protection, identifies new challenges, and calls for concrete actions. The complete text of the Privacy Convention is contained in the Privacy Law Sourcebook, available at the EPIC Bookstore. (Jan. 28, 2017)
  • . EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States. (Jan. 28, 2017)
  • . The Department of Health and Human Services, along with fifteen other federal agencies, released a final revision for the Common Rule which establishes privacy rights for personal information collected from human subjects in federally funded research. EPIC submitted extensive comments, urging the agencies to adopt strong privacy protections for personal data for the revised Common Rule. However, the federal agency deferred new safegaurds, as well as privacy guidance for internal review boards, claiming that current privacy laws were adequate. (Jan. 27, 2017)
  • . EPIC has filed a "friend-of-the-court" brief in a donor privacy case before the Ninth Circuit Court of Appeals. Under California law, nonprofit organizations are required to send the state each year a list of donors and their donations. EPIC said this reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC traced the history of anonymous giving in Christianity, Islam, and Judaism. EPIC also explained that California has "failed to implement basic data protection standards" for donor information. In amicus briefs for the U.S. Supreme Court, EPIC has argued for similar Constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, Watchtower Bible v. Stratton, and Patel v. Los Angeles. (Jan. 27, 2017)
  • . According to a new public opinion study from the Pew Research Center, 64% of Americans have personally experienced a major data breach, and 49% feel that their personal information is less secure than it was 5 years ago. Pew also found that 41% of Americans have dealt with fraudulent charges on their credit card, and 15% have received notice that their Social Security number had been compromised. Pew found that a substantial majority (70%) of Americans anticipate major cyberattacks in the next five years on our nation's public infrastructure. The EPIC Data Protection campaign highlights the need to improve privacy safeguards in the United States. (Jan. 26, 2017)
  • . The Federal Trade Commission has issued Cross-Device Tracking: An FTC Staff Report, which describes online tracking technology used to link a consumer's activity across smartphones, laptops, tablets, and other internet-connected devices. The report follows from an FTC workshop on this emerging practice. EPIC filed comments with the Commission urging limits on cross-device tracking, which presents significant privacy challenges due to the "lack of transparency and control in this undetectable online tracking scheme." EPIC explained how "notice and choice" fails to protect consumers from this surreptitious activity. The FTC's report recommends continued industry-self regulation and application of the unworkable "notice and choice" approach to this new practice. (Jan. 26, 2017)
  • . EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence in federal district court in Washington, DC. The case is designated EPIC v. ODNI, No. 17-163 (D.D.C. filed Jan. 25, 2017). As EPIC makes clear in the complaint, "there is an urgent need to make available to the public the Complete ODNI Assessment to fully assess the Russian interference with the 2016 Presidential election and to prevent future attacks in democratic institutions." More details in the press release. Last week EPIC sued the FBI to uncover details of the Bureau's response to Russian interference. (Jan. 26, 2017)
  • . Less than one week in office, the Trump Administration has published an Executive Order that limits the application of the federal Privacy Act. The Order states that "Agencies shall . . . ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act . . .” Few U.S. privacy laws distinguish between U.S. and non-U.S. citizens. The Privacy Act is an exception. Some efforts were made in the last few years to update the Privacy Act, a law adopted in 1974, as the federal government now collects detailed personal information on non-U.S. citizens. The reforms were also considered legally necessary to permit U.S. firms to obtain access to the data of European consumers. (Jan. 26, 2017)
  • . This week the U.S. Senate confirmed Rep. Mike Pompeo to be Director of the CIA by a vote of 66-32. EPIC sent a statement to the Senate Select Committee on Intelligence highlighting Pompeo's troubling statements on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Senate Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." A recent Freedom of Information Act case pursued by an EPIC revealed that the CIA spied on staff members of the US Senate. (Jan. 25, 2017)
  • . EPIC has awarded the 2017 International Privacy Champion Award to German Privacy expert and open government advocate Alexander Dix. Dr. Dix served as Commissioner for Data Protection and Access to Information in Berlin, as well as Chair of the International Working Group on Data Protection. The EPIC award was presented at the annual conference on Computer, Privacy, and Data Protection in Brussels. The EPIC Champion of Freedom Awards will be presented on June 5, 2017 at the National Press Club in Washington, DC. Press Release. (Jan. 25, 2017)
  • . The U.S. Supreme Court has declined to review a ruling by the Fifth Circuit Court of Appeals that a Texas voter ID law violates the Voting Right Act. The decision means that Texas won't be able to enforce the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the appeals court held that the Texas Law had a "discriminatory effect" on minorities' voting rights and remanded the case to the lower court. Texas petitioned the Supreme Court to review the decision, but the court refused to do so Monday. EPIC filed an amicus brief arguing that that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC told the court. (Jan. 24, 2017)
  • . The Director of National Intelligence released a final progress report from the Obama administration on signals intelligence reform. The DNI report detailed the agency's efforts under Presidential Policy Directive 28 to increase transparency and accountability. Clapper also highlighted the Privacy and Civil Liberties Oversight Board's oversight role and stated that transparency is "difficult, but also, in my view, essential." The DNI stated, "The IC routinely provides the Board with the information and access it requests to carry out its oversight duties." The report also notes implementation of the Freedom Act, which prohibits the bulk collection of domestic telephone records. EPIC has supported enhanced transparency for the Intelligence Community and filed a Supreme Court petition to end the bulk data collection program. (Jan. 24, 2017)
  • . EPIC sent a letter to the Senate Commerce Committee on Monday about privacy and security concerns in two pending bills. The DIGIT Act would "encourage the growth" of the Internet of Things and "help identify barriers to its advancement." The Spoofing Prevention Act would extend the laws prohibiting Caller ID spoofing to text messages, international calls, and Voice-over-IP calls. EPIC pointed out the "significant privacy and security risks" to American consumers of the Internet of Things. EPIC also argued for "a requirement that any automated calls reveal (1) the actual identity of the caller and (2) the purpose of the call." EPIC has been at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices. EPIC also supports robust telephone privacy protections and recently advised Congress on modernizing telemarketing rules. (Jan. 24, 2017)
  • . During the final week in office, the Obama Department of Justice released the list of European countries covered under the Judicial Redress Act. The Act gives citizens of these countries limited rights under the US Privacy Act. The Act implements the US-EU "Umbrella Agreement," which is a framework for transferring law enforcement data across the Atlantic. The Act came about in response to the Schrems decision, which held that the United States lacks adequate data protection. EPIC had recommended substantial changes to the Judicial Redress Act, explaining in a letter to Congress that the bill still did not provide adequate protection to permit transborder data flows and fails to provide necessary updates for U.S. citizens. EPIC successfully sued the Justice Department to obtain the full text of the Umbrella Agreement. (Jan. 23, 2017)
  • . As one of the final acts of the outgoing President, the White House has released "Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation." In 2008, President Obama announced "Change We Can Believe In" and said he would "strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy." Beginning after his election, privacy groups across the county urged the President to strengthen privacy in America. In 2012, Obama proposed a Consumer Privacy Bill of Rights but no legislation followed. After the Snowden revelations, Congress enacted the Freedom Act and Obama reformed intelligence practices, but the US failed to limit data collection outside the US. The "Privacy Shield," a framework to gather data for commercial use without legal protections, was put in place even after NGOs urged comprehensive reforms in the US and the EU. Between 2009 and 2016, the levels of data breach, identity theft, and financial fraud in the United States skyrocketed, even as Americans called for stronger protections. The 2016 Presidential election was marked by data breaches, email disclosures and cyber attack The U.S. is still one of the few democratic nations in the world without a data protection agency. (Jan. 19, 2017)
  • . EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC. The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017). The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.” A press conference will be held at the Fund for Constitutional Government on Capitol Hill on Thursday, January 19, 2017 at 1 pm. Media Advisory (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Foreign Relations Committee urging that the next UN Ambassador to advocate for human rights, particularly the right to privacy and the right to freedom of expression as set out in the Universal Declaration of Human Rights. EPIC also wrote that the UN Ambassador should support US ratification of the Council of Europe Privacy Convention, which is critical to the continued flow of personal data around the world. EPIC and consumer organizations have called on the United States to ratify the Privacy Convention. Next week, many countries around the world will recognize January 28, International Privacy Day, which celebrates the International Privacy Convention. (Jan. 18, 2017)
  • . EPIC will host a press conference at the Fund for Constitutional Government, across the street from the U.S. Supreme Court, on Thursday, January 19, 2017, at 1 pm, concerning the Russian Interference with the 2016 Presidential Election. Details to follow. (Jan. 18, 2017)
  • . EPIC has sent a letter to the Senate Commerce Committee outlining the key privacy issues that the next Secretary of Commerce should address. The Committee convened this week to consider the nomination of Wilbur Ross for Commerce Secretary. EPIC stated that privacy protection may be on "the most important issue that the Secretary of Commerce will confront over the next several years." EPIC urged the Committee to ensure the nominee "make clear his commitment to a comprehensive approach to data protection, based in law." EPIC warned about the inadequacy of the Privacy Shield, a non-legal framework that permits the flow of European consumers' personal data to the United States, outside of European privacy law. (Jan. 18, 2017)
  • . EPIC has filed a "friend-of-the-court" brief urging a federal appeals court to protect consumers' ability to sue companies that fail to safeguard personal information. A group of consumers sued health insurer Carefirst after the company's faulty security practices allowed hackers to obtain the personal information of 1,100,000 customers. A lower court wrongly dismissed the case because the judge believed that consumers must suffer identity theft before a court can consider violations of legal obligations. In the amicus brief, EPIC explained that the court misunderstood the relevant law, and confused the legal responsibility of companies to maintain good security with the harms that consumers eventually suffer. EPIC said courts should focus on whether companies have breached a legal obligation to safeguard personal data. EPIC regularly files briefs defending consumer privacy. (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Select Committee on Intelligence highlighting CIA Director nominee Mike Pompeo's troubling positions on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." The CIA has a long history of unlawful surveillance. A recent Freedom of Information Act case pursued by an EPIC revealed the CIA spied on staff members of the US Senate. (Jan. 17, 2017)
  • . Senator Richard Burr (R-NC) and Senator Mark Warner (D-VA), the Chairman and Ranking Member of the Senate Intelligence Committee, have announced a bipartisan inquiry into the Russian interference with the 2016 Presidential Election. Democratic members of the House Judiciary Committee have also pressed the FBI to confirm its investigation of President-elect Trump's ties to Russia. In a letter to FBI Director James Comey, Committee Members requested "all documentation relevant to this investigation" be provided to the Committee "as soon as possible." EPIC has filed two urgent Freedom of Information Act requests concerning Russian interference: one for records about the FBI's lax response to the foreign cyber threat, the other for the report "Russian Activities and Intentions in Recent US Elections". This week EPIC also urged the Senate Armed Services Committee to pursue an investigation. (Jan. 16, 2017)
  • . The National Academies of Sciences has released a new report that examines how disparate federal data sources can be used for policy research while protecting privacy. The NAS Statistics and Privacy Report states that privacy must be a "core value" of any use of government data and recommends that federal statistical agencies "adopt modern database, cryptography, privacy-preserving, and privacy-enhancing technologies” and "engage in collaborative research with academia and industry to continuously develop new techniques to address potential breaches of the confidentiality of their data." EPIC President Marc Rotenberg and EPIC Advisory Board member Cynthia Dwork served on the committee that developed the report. Mr. Rotenberg testified before the Commission on Evidence-Based Policymaking, which is working on increasing access to government data for policy analysis. EPIC also filed comments with the Commission urging it to promote Privacy Enhancing Techniques. (Jan. 12, 2017)
  • . EPIC has sent a statement to the Senate Commerce Committee, highlighting two significant privacy issues: drones and autonomous vehicles. The Senate Committee met this week to consider the nomination of Elaine Chao for Secretary of Transportation. EPIC sued the FAA, an agency subject to the Committee's oversight, for its failure to establish drone privacy rules, as required by Congress. EPIC also testified last year before the Committee on the risks of connected cars, EPIC has recently submitted comments on federal automated vehicles policy and filed an amicus brief in federal appeals court on the risks to consumers of connected vehicles. (Jan. 12, 2017)
  • . The Director of National Intelligence has announced new rules that permit intelligence agencies to disseminate "raw" signals intelligence without first removing or "minimizing" personal information. EPIC and other civil liberties groups opposed these changes in a letter last year to the Director, explaining that the changes would "fatally weaken existing restrictions on access to the phone calls, emails, and other data the NSA collects." The Director said that the new rules would "prohibit recipient elements from querying raw [intelligence] for a law enforcement purpose." But EPIC previously highlighted the risks of consolidating personal data in a FOIA lawsuit, EPIC v. ODNI, against the Director of National Intelligence. (Jan. 12, 2017)
  • . The Federal Trade Commission has filed a lawsuit against Internet of Things device maker D-Link. The complaint alleges that D-Link failed to use adequate security in its internet cameras and routers despite promises that the devices were "easy to secure" and used "advanced network security." The poor security practices alleged by the FTC include using easily-guessed default passwords, mishandling code-signing keys, and storing usernames and passwords in plaintext. EPIC has worked extensively on the risks of the Internet of Things, recommending safeguards for connected cars, "smart homes," and "always on" devices. In 2013, EPIC submitted comments to the FTC addressing the security and privacy risks of IoT devices. (Jan. 12, 2017)
  • . EPIC and a coalition of privacy advocates have submitted comments asking the FCC to prohibit forced arbitration clauses in communications contracts. Arbitration clauses require consumers to settle complaints in private proceedings out of court, often in inconvenient locations and before arbitrators of the company's choosing. The comments note that forced arbitration clauses allow corporations to "escape accountability for systemic harms" such as overbilling. The FCC's broadband privacy rules, adopted in October 2016, did not address forced arbitration clauses, but Chairman Wheeler announced at the FCC's October meeting that the agency had begun an internal process for rulemaking on that issue. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Jan. 12, 2017)
  • . The Federal Trade Commission has responded to EPIC's complaint about toys that spy, promising to "carefully review" the filing. EPIC's complaint, filed last month and joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, alleges that the internet-connected children's toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws. The complaint is part of coordinated, international efforts to ban these toys from the marketplace. Walmart, Toys "R" Us, and stores across Europe have already pulled the toys from their shelves. EPIC's complaint has also spurred a congressional investigation by Sen. Edward Markey (D-MA) into the data practices of toymaker Genesis Toys and speech technology developer Nuance Communications. (Jan. 11, 2017)
  • . In a letter to the Senate Committee on Homeland Security, EPIC and leading experts urged Congress to keep a close eye on the White House Homeland Security Advisor. EPIC explained that the position, equal in power to the National Security Advisor, carries "significant implications for the safety and security of the American people." EPIC said that the Homeland Security Advisor should ensure "the Russian government poses no further threats to the United States electoral system or to other democratic governments." EPIC also said that "data protection and privacy should remain a central focus" of U.S. cyber security policy. The EPIC letter was signed by distinguished experts in cyber security, information technology, encryption, and human rights law. (Jan. 10, 2017)
  • . The European Commission has released its proposal to update EU law on privacy and security safeguards for electronic communications. The revamped e-Privacy Regulation would extend important new safeguards to users of all online communications services, including email, instant messaging, and social media. The proposal would also protect both communications content and metadata, and would limit tracking of internet users. In the US, the FCC recently adopted modest privacy rules that apply only to broadband services offered by telecom companies, despite EPIC's repeated advice to the FCC to address "the full range of communications privacy issues facing US consumers." The Commission's update of the e-Privacy Directive follows the recently adopted General Data Protection Regulation, and must next be adopted by the European Parliament and European Council. (Jan. 10, 2017)
  • . EPIC has submitted an urgent Freedom of Information Act request to the Office of the Director of National Intelligence (ODNI) seeking the complete report on the Russian interference in the 2016 Presidential Election. On January 6, the ODNI released a public summary on the Russian interference, but withheld important information. EPIC is seeking expedited release of the complete, unreacted report. EPIC is also seeking records from the FBI about the agency's lax response to the foreign cyber threat. EPIC submitted a statement to the Senate Armed Services Committee hearing on Russian interference. Congress will hold a second hearing today, and a bill initiating new sanctions against Russia is expected this week. EPIC will continue to press the ODNI for prompt release of the report. (Jan. 10, 2017)
  • . In comments to the TSA, EPIC urged the agency to abandon a proposed information collection plan under the REAL ID Act. REAL ID is a federal to turn the state driver's license into a national identity statement. Many states have opposed REAL ID. The TSA now plans to subject Americans, without a TSA "compliant" ID, to broad information collection requirements. EPIC, supported by a broad coalition, opposed REAL ID because it compromised privacy and enabled government surveillance. EPIC provided detailed comments to DHS later issued a report. Since adoption of REAL ID, many states have suffered data breaches of DMVs because of criminals seeking REAL ID mandated documents. (Jan. 10, 2017)
  • . Tomorrow the Senate Judiciary Committee will begin hearings on the nomination of Senator Jeff Sessions for Attorney General. EPIC submitted a statement to the Committee, which stated “Senator Sessions’ record regarding the privacy rights of Americans raises serious questions about his selection as Attorney General.” EPIC pointed to Sessions’ support for warrantless surveillance of the American people and opposition to government oversight. Senator Sessions also opposed Apple in its dispute with the FBI and failed to support efforts to modernize the Electronic Communications Privacy Act. The Lawyers for Good Government also raised concerns about Senator Session’s support for the Privacy Act, the Freedom of Information Act, as well as his independence to “prosecute all criminal acts including those that may implicate the President of the United States.” (Jan. 9, 2017)
  • . The U.S. Supreme Court declined today to review In re Nickelodeon, a class action suit concerning privacy protections for Internet users under the Video Privacy Protection Act. Last year, a federal appeals court rejected claims that Google and Viacom had violated the statute, holding that static IP and MAC addresses are not "personally identifiable information." That opinion contradicted a previous ruling from a different federal appeals court, which held that unique IDs are personally identifiable under the video privacy law. EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly "to ensure that the underlying intent of the Act-to safeguard personal information against unlawful disclosure-is preserved as technology evolves." (Jan. 9, 2017)
  • . The White House Office of Management and Budget has released guidance establishing common standards and practices for how federal agencies manage data breaches. The Data Breach Memorandum sets out a risk-based framework for evaluating data breaches and requires each agency to develop a data breach response plan. Not all breaches will trigger individual notification under the guidance. The new guidance comes four months after a House Government and Oversight Committee report criticized the Office of Personnel Management about the 2015 data breaches that compromised the records of 22 million federal employees and family members. EPIC testified in 2009 and 2011 in support of strong data breach notification laws, filed comments with the Office of Personal Management recommending limits on data collection, and has urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information. (Jan. 4, 2017)
  • . The Senate Armed Services Committee will hold a hearing on "Foreign Cyber Threats to the United States" on January 5, 2016. EPIC submitted a statement to the Committee to alert Senators about a pending Freedom of Information Act request. The EPIC FOIA request concerns the lax response of the FBI to the Russian interference with the 2016 Presidential election. EPIC wrote “we believe that the information that we are seeking from the FBI will also be helpful to the Senate Armed Services Committee as you investigate foreign cyber threats to the United States.”“Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are scheduled to testify. (Jan. 4, 2017)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy

EPIC Bookstore

1984

1984
George Orwell