Previous Top News: 2017

  • . Yahoo has responded to a letter from Senators John Thune (R-SD) and Jerry Moran (R-KS) inquiring into data breaches that exposed over a billion user records in 2013 and 2014. Yahoo said in its response that it has notified users affected by the breaches, required users who had not changed their passwords since 2014 to do so, and encouraged all users to review their passwords and security questions. Yahoo's letter also discussed the steps the company has taken to improve its security program. EPIC testified in support of strong data breach notification laws in 2009 and 2011, launched "Data Protection 2016" to make privacy a campaign issue and recently filed an amicus brief to protect the ability of consumer to sue companies that fail to protect their personal information. (Feb. 24, 2017)
  • . In comments to Office of Government Information Services, EPIC and a coalition of open government groups urged greater transparency for dispute resolutions. The coalition wrote that a proposed rule "would impose restrictive confidentiality requirements." The coalition proposed revisions that "do not place restrictive confidentiality requirements on requesters" who use dispute resolution services. EPIC routinely advocates on behalf of open government and transparency. Earlier this month, EPIC and a coalition called on the Office of Management and Budget to preserve public access to online government information. EPIC also recently prevailed in EPIC v. FBI, a Freedom of Information Act lawsuit for public release of the FBI's privacy assessments. (Feb. 24, 2017)
  • . The International Conference of Data Protection & Privacy Commissioners is seeking submissions by April 21, 2017 for the inaugural Global Privacy and Data Protection Awards. Entries are invited for research, dispute resolution, education and advocacy, and use of online tools. Winning entries will be announced at the 39th annual Privacy Commissioners conference in Hong Kong in September 2017. EPIC has organized more than a dozen Public Voice events in conjunction with the annual meetings of the Privacy Commissioners to encourage civil society participation in decisions concerning the future of the Internet. EPIC also gives out the Champion of Freedom Awards at the Computers, Privacy and Data Protection Conference in Brussels and the EPIC Awards Dinner in Washington, DC. (Feb. 24, 2017)
  • . The U.S. Supreme Court will hear arguments Monday in Packingham v. North Carolina. At issue is a state law that bars people listed in a sex offender registry from accessing any commercial website that allows users under 18 to create profiles and communicate online. The North Carolina ban covers major news sites such as the New York Times and CNN. Packingham was convicted for posting "Good is God" on Facebook after a traffic ticket was dismissed. EPIC filed a "friend-of-the-court" brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations, EPIC explained that the law violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread government monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. Reed, Watchtower Bible v. Stratton, and Los Angeles v. Patel. (Feb. 24, 2017)
  • . The FBI has filed an answer to EPIC's Freedom of Information Act lawsuit for records pertaining to the Russian interference with the 2016 Presidential election. In the answer, the FBI acknowledged receipt of EPIC's FOIA request. EPIC filed suit against the FBI in federal district court after the agency failed to make a timely decision concerning EPIC's request for expedited processing of the FOIA request. The parties will next confer to set a schedule for production of documents and briefing, if necessary. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 23, 2017)
  • . As a result of a Freedom of Information Act request, EPIC has obtained over 650 pages about DHS's immigration enforcement priorities. The documents detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. EPIC recently submitted two new urgent FOIA requests to DHS, the first about DHS plans to step up social media monitoring and a second to reveal the agency's compliance with recent immigration court orders. This week, EPIC also prevailed in a FOIA lawsuit for public release of privacy assessments the FBI is required to prepare. (Feb. 23, 2017)
  • . The Article 29 Working Party, an expert group of European privacy officials, has raised concerns over a provision in the immigration Executive Order that would limit Privacy Act protections. The Working Party is seeking assurance from the US that the change will not threaten the privacy rights of non-US citizens established in the "Privacy Shield" and the Umbrella Agreement. EPIC is currently participating in Data Protection Commissioner v. Facebook, a case following a landmark decision that found insufficient legal protections for the transfer of European consumer data to the US. (Feb. 22, 2017)
  • . EPIC has prevailed in EPIC v. FBI, a case involving a Freedom of Information Act request for privacy assessments the FBI is required to prepare. EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for the assessments. EPIC subsequently challenged the adequacy of the agency's search for responsive documents and the FBI's claim that record could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." Today, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims. (Feb. 21, 2017)
  • . Sen. Ron Wyden (D-OR) has asked the Department of Homeland Security to explain reports of Customs and Border Patrol agents demanding access to Americans' locked phones at U.S. borders. Wyden said that "These digital dragnet border search practices weaken our national and economic security." EPIC awarded Sen. Wyden the EPIC Champion of Freedom Award in 2013. EPIC's 2017 awards dinner will be held on June 5, 2017 honoring Carrie Goldberg, Garry Kasparov, and Judge Patricia Wald. EPIC has also submitted FOIA requests to the DHS regarding the agency's policies for searches of social media. (Feb. 21, 2017)
  • . The German Federal Network Agency has told parents to destroy the "My Friend Cayla" doll, an internet-connected doll that spies on young children. The toy is illegal under German privacy law because it is a "concealed listening device," according to the agency. EPIC and several consumer organizations filed a complaint with the Federal Trade Commission alleging that the doll violates U.S. privacy law. EPIC's complaint spurred a congressional investigation, and toy stores across Europe have removed Cayla from their shelves and are offering refunds to parents who purchased the toys. However, the Federal Trade Commission has failed to act on the complaint and U.S. families continue to purchase the doll that surreptitiously monitors children's communications. (Feb. 17, 2017)
  • . A coalition of human rights groups is urging the UN to investigate reports that the US is demanding entrants provide access to their cell phones and social media accounts. "These practices persist in violation of the United States human rights treaty obligations and your action is needed to hold the government accountable," the group stated in a letter to the the UN High Commissioner on Human rights and other UN offices. EPIC recently submitted an urgent request for disclosure of DHS plans to step up social media monitoring, and previously prevailed in a lawsuit against the agency to reveal records of its monitoring programs. EPIC's Privacy Law Sourcebook 2016, available in the EPIC bookstore, provides an overview of privacy frameworks around the world and tracks emerging privacy challenges. (Feb. 16, 2017)
  • . EPIC and a coalition of consumer groups sent a letter to the Federal Trade Commission recommending 10 steps the agency should take to protect consumers and promote competition in 2017. "American consumers today are at great risk of identity theft, financial fraud, and data breaches," the coalition wrote, arguing that "proactive efforts to strengthen data protection will spur innovation and support business models that are sustainable over time." The letter asks the FTC to increase its enforcement efforts, promote transparency, and pursue actions based on unfairness instead of relying on "notice and choice." EPIC has consistently urged the FTC to exercise its full authority in protecting consumers. EPIC has also filed numerous consumer privacy complaints with the FTC, including a recent complaint about "toys that spy." (Feb. 16, 2017)
  • . EPIC has sent a letter to a House committee on Digital Commerce and Consumer Protection for a hearing on "Self-Driving Cars: Road to Deployment," urging the establishment of privacy and safety measures for connected cars. EPIC warned that connected vehicles raise substantial risks for consumers. EPIC explained that voluntary guidance and self-regulation do not provide meaningful protection. EPIC has testified before Congress and submitted detailed comments on the need for privacy and safety standards for connected vehicles. (Feb. 15, 2017)
  • . EPIC has sent letters to two Senate Committees investigating Russian interference with the 2016 Presidential Election. In letters to the Senate Judiciary Committee and Senate Foreign Relations Committee EPIC described two Freedom of Information Act cases against the FBI and the ODNI to obtain records about the scope of activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to understand the cyber threat to democratic elections. (Feb. 13, 2017)
  • . EPIC and a coalition of over sixty organizations urged the Office of Management and Budget to preserve access to government information online. In a letter, the coalition called on OMB to ensure agencies give the public notice required by law before removing information. The coalition warned that agencies have begun removing information on topics "such as animal welfare, individuals with disabilities, climate change, and more from their websites." EPIC routinely advocates on behalf of open government and transparency. EPIC is currently pursuing two Freedom of Information Act lawsuits for records related to the Russian interference in the 2016 Presidential election. (Feb. 13, 2017)
  • . In advance of a hearing on "Strengthening U.S. Cybersecurity Capabilities," EPIC has sent a letter to the House Science Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. (Feb. 13, 2017)
  • . Several states across the U.S., including Michigan, Montana, North Carolina, and Ohio, recognized international Data Privacy Day, held annually on January 28 to commemorate the first international treaty for privacy and data protection. State efforts to raise awareness about privacy and other consumer protection issues are published monthly in The State Center Consumer Protection Report. The Report also noted that Mississippi is pursuing legal action against Google over student data collected from public schools. The lawsuit accuses Google of collecting students' personal information and search history for its own business interests in violation of the Mississippi Consumer Protection Act. (Feb. 10, 2017)
  • . In a letter to DHS Secretary Kelly, Senator Markey (D-MA) and five other Senators pressed DHS about the impact of an Executive Order limiting federal Privacy Act protections. "These Privacy Act exclusions could have a devastating impact on immigrant communities and would be inconsistent with the commitments made when the government collected much of this information," the Senators contended. The Senators also called on Secretary Kelly to explain the Order's impact on international commitments that permit U.S. firms to obtain access to the data of European consumers. EPIC is participating in Data Protection Commissioner v. Facebook, a case which follows a landmark decision that found insufficient legal protections for the transfer of European consumer data to the United States. (Feb. 9, 2017)
  • . EPIC has submitted an urgent FOIA request to the Department of Homeland Security about aerial surveillance, social media monitoring and ID theft following statements made by DHS Secretary John Kelly in a Congressional hearing on Homeland Security. The Secretary described plans to expand the use of "aerostats" (surveillance blimps) and monitoring of social media. The Secretary also stated that he has been a victim of data breach. The EPIC FOIA request follows earlier cases brought by EPIC which revealed efforts by the DHS to expand aerial surveillance within the United States, develop techniques for "pre-crime" detection, interrupt Internet service, as well as the impermissible monitoring of social media services and news organizations. (Feb. 8, 2017)
  • . The Pew Research Center has released a report, "Code-Dependent: Pros and Cons of the Algorithm Age." The Pew report discusses the impact that experts expect algorithms to have on individuals and society. Among the themes in the report are the biases and lack of human judgment in algorithmic decisionmaking and the need for "algorithmic literacy, transparency, and oversight." EPIC has promoted "Algorithmic Transparency" for many years and has proposed two amendments to Asimov's Laws of Robotics that would require autonomous devices to reveal the basis of their decisions and their actual identity. (Feb. 8, 2017)
  • . In a recent speech, Acting Federal Trade Commission Chairwoman Maureen Ohlhausen outlined her priorities for consumer protection. Ohlhausen recognized that "a notice-and-choice approach to privacy may not adequately protect consumers" but advocated a market-focused "harms-based approach" to privacy. She pointed to recent settlements with Ashley Madison and Eli Lilly as cases involving significant non-financial harm to consumers. Ohlhausen also proposed making the results of all FTC data security investigations public, not only those that result in enforcement actions. EPIC supports increased transparency in FTC actions but has explained in comments to the FTC and FCC and in testimony before Congress that "notice and choice" and "harms based" approaches are insufficient to protect consumer privacy. (Feb. 6, 2017)
  • . The Federal Trade Commission has reached a $2.2 million settlement with smart TV manufacturer VIZIO over the company's tracking of consumers' viewing habits without their knowledge or consent. The FTC's complaint alleged that VIZIO's collection and sale of viewing data was unfair and deceptive, and the settlement agreement requires the company to delete all viewing data. EPIC previously filed a complaint with the FTC over Samsung's smart TV data collection practices, including surveillance of consumers' private conversations. EPIC has also defended the privacy of consumers' TV viewing habits in a federal court case involving the Video Privacy Protection Act. (Feb. 6, 2017)
  • . This week the case Data Protection Commissioner v. Facebook, concerning privacy protection for transAtlantic data transfers, begins in Ireland. The case follows a landmark decision which found insufficient legal protections for the transfer of European consumer data to the United States. Mr. Schrems, an Austrian privacy advocate, now challenges Facebook's "standard contractual clauses" as failing to protect privacy. The Irish High Court designated EPIC as the US NGO amicus curiae in the case. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all. (Feb. 6, 2017)
  • . EPIC has filed an urgent FOIA request with the Department for Homeland Security for further information about a DHS press release on "Compliance With Court Orders And The President's Executive Order." The DHS Press Release follows an Executive Order on entry to the United States and a series of court decisions suspending the Order. EPIC is now seeking details about the DHS's activities, including communications with other agencies, communications with airlines, and legal memos supporting the agency's actions. The Inspector General of DHS also announced an investigation to review "allegations of individual misconduct on the part of DHS personnel." EPIC cited both an "urgency to inform the public" and "exceptional media interest" in questions about the "government's integrity" in support of the request for expedited processing. EPIC will continue to press the DHS for prompt release of the documents sought. More information about EPIC's FOIA work is available on the FOIA Case page. (Feb. 3, 2017)
  • . Congress is scheduled to consider the "Email Privacy Act" (H.R. 387) next week. The bill passed the House 419-0 last session. The Act amends the Electronic Communications Privacy Act of 1986 to extend the warrant requirement to communications stored for more than 180 days. An earlier version of the the Act would have required notice of email searches to the user, with some exceptions. EPIC has recommended several other ECPA updates, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Feb. 3, 2017)
  • . EPIC sent a letter to a House Subcommittee on Communications and Technology in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing recent examples of hacks of devices, including home locks and cars, connected to the internet. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC warned of growing risks to consumer safety and public safety. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices. (Feb. 2, 2017)
  • . As a result of a Freedom of Information Act request, EPIC obtained documents detailing a DOJ and White House meeting with top industry representatives to help combat ISIL's online influence. The February 2016 meeting, called the "Madison Valleywood Project," convened a range of industry members to "collaborate in generating and amplifying compelling content that would undermine ISIL's online messaging and recruitment efforts." A series of slides set the stage for the project, proposing counter strategies like "disrupting their digital landscape" and encouraging use of data metrics to track success. EPIC routinely pursues FOIA requests and lawsuits to improve government oversight and accountability. In 2012, EPIC prevailed in a lawsuit against DHS revealing the agency's social media monitoring policies, including instructions to analysts to monitor criticism of the agency. More information about EPIC's FOIA work is available on the FOIA Case page. (Jan. 31, 2017)
  • . The President has issued an executive order requiring every new regulation to be offset by the repeal of at least two existing regulations. The Order could directly impact rules that safeguard consumers against data breach, financial fraud, and identity theft. EPIC has also recommended new public safety regulations concerning aerial drones, connected vehicles, and the Internet of Things. In EPIC v. FAA, EPIC is challenging the failure of the agency to protect the public from aerial surveillance. (Jan. 31, 2017)
  • . Through a Freedom of Information Act lawsuit, EPIC has obtained several memorandum of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." Last year, EPIC filed extensive comments scrutinizing the FBI's proposal to remove Privacy Act safeguards from the Bureau's massive biometric database known as "Next Generation Identification." EPIC also lead a coalition effort urging Congress to hold an oversight hearing on the FBI database. The case is EPIC v. FBI, No. 16-2237 (D.D.C. filed Nov. 10, 2016) (Biometric Data Transfer Agreements). (Jan. 30, 2017)
  • . The Aspen institute released a report on the Artificial Intelligence workshop on connected cars, healthcare, and journalism. "Artificial Intelligence Comes of Age" explored issues at "the intersection of AI technologies, society, economy, ethics and regulation." The Aspen report notes that "malicious hacks are likely to be an ongoing risk of self-driving cars" and that "because self-driving cars will generate and store vast quantities of data about driving behavior, control over this data will become a major issue." The Aspen report discusses the tension between privacy and diagnostic benefits in healthcare AI and describes "some of the alarming possible uses of AI in news media." EPIC has promoted Algorithmic Transparency and has been at the forefront of vehicle privacy through testimony before Congress, amicus briefs, and comments to the NHTSA. (Jan. 30, 2017)
  • . On January 28, EPIC celebrates International Privacy Day, which commemorates Convention 108, the first international treaty for privacy and data protection. EPIC and consumer organizations have urged the United States to ratify the International Privacy Convention. NGOs and Privacy experts have also expressed support for the Madrid Declaration, a substantial document that reaffirms international instruments for privacy protection, identifies new challenges, and calls for concrete actions. The complete text of the Privacy Convention is contained in the Privacy Law Sourcebook, available at the EPIC Bookstore. (Jan. 28, 2017)
  • . EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States. (Jan. 28, 2017)
  • . The Department of Health and Human Services, along with fifteen other federal agencies, released a final revision for the Common Rule which establishes privacy rights for personal information collected from human subjects in federally funded research. EPIC submitted extensive comments, urging the agencies to adopt strong privacy protections for personal data for the revised Common Rule. However, the federal agency deferred new safegaurds, as well as privacy guidance for internal review boards, claiming that current privacy laws were adequate. (Jan. 27, 2017)
  • . EPIC has filed a "friend-of-the-court" brief in a donor privacy case before the Ninth Circuit Court of Appeals. Under California law, nonprofit organizations are required to send the state each year a list of donors and their donations. EPIC said this reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC traced the history of anonymous giving in Christianity, Islam, and Judaism. EPIC also explained that California has "failed to implement basic data protection standards" for donor information. In amicus briefs for the U.S. Supreme Court, EPIC has argued for similar Constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, Watchtower Bible v. Stratton, and Patel v. Los Angeles. (Jan. 27, 2017)
  • . According to a new public opinion study from the Pew Research Center, 64% of Americans have personally experienced a major data breach, and 49% feel that their personal information is less secure than it was 5 years ago. Pew also found that 41% of Americans have dealt with fraudulent charges on their credit card, and 15% have received notice that their Social Security number had been compromised. Pew found that a substantial majority (70%) of Americans anticipate major cyberattacks in the next five years on our nation's public infrastructure. The EPIC Data Protection campaign highlights the need to improve privacy safeguards in the United States. (Jan. 26, 2017)
  • . The Federal Trade Commission has issued Cross-Device Tracking: An FTC Staff Report, which describes online tracking technology used to link a consumer's activity across smartphones, laptops, tablets, and other internet-connected devices. The report follows from an FTC workshop on this emerging practice. EPIC filed comments with the Commission urging limits on cross-device tracking, which presents significant privacy challenges due to the "lack of transparency and control in this undetectable online tracking scheme." EPIC explained how "notice and choice" fails to protect consumers from this surreptitious activity. The FTC's report recommends continued industry-self regulation and application of the unworkable "notice and choice" approach to this new practice. (Jan. 26, 2017)
  • . EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence in federal district court in Washington, DC. The case is designated EPIC v. ODNI, No. 17-163 (D.D.C. filed Jan. 25, 2017). As EPIC makes clear in the complaint, "there is an urgent need to make available to the public the Complete ODNI Assessment to fully assess the Russian interference with the 2016 Presidential election and to prevent future attacks in democratic institutions." More details in the press release. Last week EPIC sued the FBI to uncover details of the Bureau's response to Russian interference. (Jan. 26, 2017)
  • . Less than one week in office, the Trump Administration has published an Executive Order that limits the application of the federal Privacy Act. The Order states that "Agencies shall . . . ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act . . .” Few U.S. privacy laws distinguish between U.S. and non-U.S. citizens. The Privacy Act is an exception. Some efforts were made in the last few years to update the Privacy Act, a law adopted in 1974, as the federal government now collects detailed personal information on non-U.S. citizens. The reforms were also considered legally necessary to permit U.S. firms to obtain access to the data of European consumers. (Jan. 26, 2017)
  • . This week the U.S. Senate confirmed Rep. Mike Pompeo to be Director of the CIA by a vote of 66-32. EPIC sent a statement to the Senate Select Committee on Intelligence highlighting Pompeo's troubling statements on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Senate Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." A recent Freedom of Information Act case pursued by an EPIC revealed that the CIA spied on staff members of the US Senate. (Jan. 25, 2017)
  • . EPIC has awarded the 2017 International Privacy Champion Award to German Privacy expert and open government advocate Alexander Dix. Dr. Dix served as Commissioner for Data Protection and Access to Information in Berlin, as well as Chair of the International Working Group on Data Protection. The EPIC award was presented at the annual conference on Computer, Privacy, and Data Protection in Brussels. The EPIC Champion of Freedom Awards will be presented on June 5, 2017 at the National Press Club in Washington, DC. Press Release. (Jan. 25, 2017)
  • . The U.S. Supreme Court has declined to review a ruling by the Fifth Circuit Court of Appeals that a Texas voter ID law violates the Voting Right Act. The decision means that Texas won't be able to enforce the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the appeals court held that the Texas Law had a "discriminatory effect" on minorities' voting rights and remanded the case to the lower court. Texas petitioned the Supreme Court to review the decision, but the court refused to do so Monday. EPIC filed an amicus brief arguing that that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC told the court. (Jan. 24, 2017)
  • . The Director of National Intelligence released a final progress report from the Obama administration on signals intelligence reform. The DNI report detailed the agency's efforts under Presidential Policy Directive 28 to increase transparency and accountability. Clapper also highlighted the Privacy and Civil Liberties Oversight Board's oversight role and stated that transparency is "difficult, but also, in my view, essential." The DNI stated, "The IC routinely provides the Board with the information and access it requests to carry out its oversight duties." The report also notes implementation of the Freedom Act, which prohibits the bulk collection of domestic telephone records. EPIC has supported enhanced transparency for the Intelligence Community and filed a Supreme Court petition to end the bulk data collection program. (Jan. 24, 2017)
  • . EPIC sent a letter to the Senate Commerce Committee on Monday about privacy and security concerns in two pending bills. The DIGIT Act would "encourage the growth" of the Internet of Things and "help identify barriers to its advancement." The Spoofing Prevention Act would extend the laws prohibiting Caller ID spoofing to text messages, international calls, and Voice-over-IP calls. EPIC pointed out the "significant privacy and security risks" to American consumers of the Internet of Things. EPIC also argued for "a requirement that any automated calls reveal (1) the actual identity of the caller and (2) the purpose of the call." EPIC has been at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices. EPIC also supports robust telephone privacy protections and recently advised Congress on modernizing telemarketing rules. (Jan. 24, 2017)
  • . During the final week in office, the Obama Department of Justice released the list of European countries covered under the Judicial Redress Act. The Act gives citizens of these countries limited rights under the US Privacy Act. The Act implements the US-EU "Umbrella Agreement," which is a framework for transferring law enforcement data across the Atlantic. The Act came about in response to the Schrems decision, which held that the United States lacks adequate data protection. EPIC had recommended substantial changes to the Judicial Redress Act, explaining in a letter to Congress that the bill still did not provide adequate protection to permit transborder data flows and fails to provide necessary updates for U.S. citizens. EPIC successfully sued the Justice Department to obtain the full text of the Umbrella Agreement. (Jan. 23, 2017)
  • . As one of the final acts of the outgoing President, the White House has released "Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation." In 2008, President Obama announced "Change We Can Believe In" and said he would "strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy." Beginning after his election, privacy groups across the county urged the President to strengthen privacy in America. In 2012, Obama proposed a Consumer Privacy Bill of Rights but no legislation followed. After the Snowden revelations, Congress enacted the Freedom Act and Obama reformed intelligence practices, but the US failed to limit data collection outside the US. The "Privacy Shield," a framework to gather data for commercial use without legal protections, was put in place even after NGOs urged comprehensive reforms in the US and the EU. Between 2009 and 2016, the levels of data breach, identity theft, and financial fraud in the United States skyrocketed, even as Americans called for stronger protections. The 2016 Presidential election was marked by data breaches, email disclosures and cyber attack The U.S. is still one of the few democratic nations in the world without a data protection agency. (Jan. 19, 2017)
  • . EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC. The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017). The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.” A press conference will be held at the Fund for Constitutional Government on Capitol Hill on Thursday, January 19, 2017 at 1 pm. Media Advisory (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Foreign Relations Committee urging that the next UN Ambassador to advocate for human rights, particularly the right to privacy and the right to freedom of expression as set out in the Universal Declaration of Human Rights. EPIC also wrote that the UN Ambassador should support US ratification of the Council of Europe Privacy Convention, which is critical to the continued flow of personal data around the world. EPIC and consumer organizations have called on the United States to ratify the Privacy Convention. Next week, many countries around the world will recognize January 28, International Privacy Day, which celebrates the International Privacy Convention. (Jan. 18, 2017)
  • . EPIC will host a press conference at the Fund for Constitutional Government, across the street from the U.S. Supreme Court, on Thursday, January 19, 2017, at 1 pm, concerning the Russian Interference with the 2016 Presidential Election. Details to follow. (Jan. 18, 2017)
  • . EPIC has sent a letter to the Senate Commerce Committee outlining the key privacy issues that the next Secretary of Commerce should address. The Committee convened this week to consider the nomination of Wilbur Ross for Commerce Secretary. EPIC stated that privacy protection may be on "the most important issue that the Secretary of Commerce will confront over the next several years." EPIC urged the Committee to ensure the nominee "make clear his commitment to a comprehensive approach to data protection, based in law." EPIC warned about the inadequacy of the Privacy Shield, a non-legal framework that permits the flow of European consumers' personal data to the United States, outside of European privacy law. (Jan. 18, 2017)
  • . EPIC has filed a "friend-of-the-court" brief urging a federal appeals court to protect consumers' ability to sue companies that fail to safeguard personal information. A group of consumers sued health insurer Carefirst after the company's faulty security practices allowed hackers to obtain the personal information of 1,100,000 customers. A lower court wrongly dismissed the case because the judge believed that consumers must suffer identity theft before a court can consider violations of legal obligations. In the amicus brief, EPIC explained that the court misunderstood the relevant law, and confused the legal responsibility of companies to maintain good security with the harms that consumers eventually suffer. EPIC said courts should focus on whether companies have breached a legal obligation to safeguard personal data. EPIC regularly files briefs defending consumer privacy. (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Select Committee on Intelligence highlighting CIA Director nominee Mike Pompeo's troubling positions on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." The CIA has a long history of unlawful surveillance. A recent Freedom of Information Act case pursued by an EPIC revealed the CIA spied on staff members of the US Senate. (Jan. 17, 2017)
  • . Senator Richard Burr (R-NC) and Senator Mark Warner (D-VA), the Chairman and Ranking Member of the Senate Intelligence Committee, have announced a bipartisan inquiry into the Russian interference with the 2016 Presidential Election. Democratic members of the House Judiciary Committee have also pressed the FBI to confirm its investigation of President-elect Trump's ties to Russia. In a letter to FBI Director James Comey, Committee Members requested "all documentation relevant to this investigation" be provided to the Committee "as soon as possible." EPIC has filed two urgent Freedom of Information Act requests concerning Russian interference: one for records about the FBI's lax response to the foreign cyber threat, the other for the report "Russian Activities and Intentions in Recent US Elections". This week EPIC also urged the Senate Armed Services Committee to pursue an investigation. (Jan. 16, 2017)
  • . The National Academies of Sciences has released a new report that examines how disparate federal data sources can be used for policy research while protecting privacy. The NAS Statistics and Privacy Report states that privacy must be a "core value" of any use of government data and recommends that federal statistical agencies "adopt modern database, cryptography, privacy-preserving, and privacy-enhancing technologies” and "engage in collaborative research with academia and industry to continuously develop new techniques to address potential breaches of the confidentiality of their data." EPIC President Marc Rotenberg and EPIC Advisory Board member Cynthia Dwork served on the committee that developed the report. Mr. Rotenberg testified before the Commission on Evidence-Based Policymaking, which is working on increasing access to government data for policy analysis. EPIC also filed comments with the Commission urging it to promote Privacy Enhancing Techniques. (Jan. 12, 2017)
  • . EPIC has sent a statement to the Senate Commerce Committee, highlighting two significant privacy issues: drones and autonomous vehicles. The Senate Committee met this week to consider the nomination of Elaine Chao for Secretary of Transportation. EPIC sued the FAA, an agency subject to the Committee's oversight, for its failure to establish drone privacy rules, as required by Congress. EPIC also testified last year before the Committee on the risks of connected cars, EPIC has recently submitted comments on federal automated vehicles policy and filed an amicus brief in federal appeals court on the risks to consumers of connected vehicles. (Jan. 12, 2017)
  • . The Director of National Intelligence has announced new rules that permit intelligence agencies to disseminate "raw" signals intelligence without first removing or "minimizing" personal information. EPIC and other civil liberties groups opposed these changes in a letter last year to the Director, explaining that the changes would "fatally weaken existing restrictions on access to the phone calls, emails, and other data the NSA collects." The Director said that the new rules would "prohibit recipient elements from querying raw [intelligence] for a law enforcement purpose." But EPIC previously highlighted the risks of consolidating personal data in a FOIA lawsuit, EPIC v. ODNI, against the Director of National Intelligence. (Jan. 12, 2017)
  • . The Federal Trade Commission has filed a lawsuit against Internet of Things device maker D-Link. The complaint alleges that D-Link failed to use adequate security in its internet cameras and routers despite promises that the devices were "easy to secure" and used "advanced network security." The poor security practices alleged by the FTC include using easily-guessed default passwords, mishandling code-signing keys, and storing usernames and passwords in plaintext. EPIC has worked extensively on the risks of the Internet of Things, recommending safeguards for connected cars, "smart homes," and "always on" devices. In 2013, EPIC submitted comments to the FTC addressing the security and privacy risks of IoT devices. (Jan. 12, 2017)
  • . EPIC and a coalition of privacy advocates have submitted comments asking the FCC to prohibit forced arbitration clauses in communications contracts. Arbitration clauses require consumers to settle complaints in private proceedings out of court, often in inconvenient locations and before arbitrators of the company's choosing. The comments note that forced arbitration clauses allow corporations to "escape accountability for systemic harms" such as overbilling. The FCC's broadband privacy rules, adopted in October 2016, did not address forced arbitration clauses, but Chairman Wheeler announced at the FCC's October meeting that the agency had begun an internal process for rulemaking on that issue. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Jan. 12, 2017)
  • . The Federal Trade Commission has responded to EPIC's complaint about toys that spy, promising to "carefully review" the filing. EPIC's complaint, filed last month and joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, alleges that the internet-connected children's toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws. The complaint is part of coordinated, international efforts to ban these toys from the marketplace. Walmart, Toys "R" Us, and stores across Europe have already pulled the toys from their shelves. EPIC's complaint has also spurred a congressional investigation by Sen. Edward Markey (D-MA) into the data practices of toymaker Genesis Toys and speech technology developer Nuance Communications. (Jan. 11, 2017)
  • . In a letter to the Senate Committee on Homeland Security, EPIC and leading experts urged Congress to keep a close eye on the White House Homeland Security Advisor. EPIC explained that the position, equal in power to the National Security Advisor, carries "significant implications for the safety and security of the American people." EPIC said that the Homeland Security Advisor should ensure "the Russian government poses no further threats to the United States electoral system or to other democratic governments." EPIC also said that "data protection and privacy should remain a central focus" of U.S. cyber security policy. The EPIC letter was signed by distinguished experts in cyber security, information technology, encryption, and human rights law. (Jan. 10, 2017)
  • . The European Commission has released its proposal to update EU law on privacy and security safeguards for electronic communications. The revamped e-Privacy Regulation would extend important new safeguards to users of all online communications services, including email, instant messaging, and social media. The proposal would also protect both communications content and metadata, and would limit tracking of internet users. In the US, the FCC recently adopted modest privacy rules that apply only to broadband services offered by telecom companies, despite EPIC's repeated advice to the FCC to address "the full range of communications privacy issues facing US consumers." The Commission's update of the e-Privacy Directive follows the recently adopted General Data Protection Regulation, and must next be adopted by the European Parliament and European Council. (Jan. 10, 2017)
  • . EPIC has submitted an urgent Freedom of Information Act request to the Office of the Director of National Intelligence (ODNI) seeking the complete report on the Russian interference in the 2016 Presidential Election. On January 6, the ODNI released a public summary on the Russian interference, but withheld important information. EPIC is seeking expedited release of the complete, unreacted report. EPIC is also seeking records from the FBI about the agency's lax response to the foreign cyber threat. EPIC submitted a statement to the Senate Armed Services Committee hearing on Russian interference. Congress will hold a second hearing today, and a bill initiating new sanctions against Russia is expected this week. EPIC will continue to press the ODNI for prompt release of the report. (Jan. 10, 2017)
  • . In comments to the TSA, EPIC urged the agency to abandon a proposed information collection plan under the REAL ID Act. REAL ID is a federal to turn the state driver's license into a national identity statement. Many states have opposed REAL ID. The TSA now plans to subject Americans, without a TSA "compliant" ID, to broad information collection requirements. EPIC, supported by a broad coalition, opposed REAL ID because it compromised privacy and enabled government surveillance. EPIC provided detailed comments to DHS later issued a report. Since adoption of REAL ID, many states have suffered data breaches of DMVs because of criminals seeking REAL ID mandated documents. (Jan. 10, 2017)
  • . Tomorrow the Senate Judiciary Committee will begin hearings on the nomination of Senator Jeff Sessions for Attorney General. EPIC submitted a statement to the Committee, which stated “Senator Sessions’ record regarding the privacy rights of Americans raises serious questions about his selection as Attorney General.” EPIC pointed to Sessions’ support for warrantless surveillance of the American people and opposition to government oversight. Senator Sessions also opposed Apple in its dispute with the FBI and failed to support efforts to modernize the Electronic Communications Privacy Act. The Lawyers for Good Government also raised concerns about Senator Session’s support for the Privacy Act, the Freedom of Information Act, as well as his independence to “prosecute all criminal acts including those that may implicate the President of the United States.” (Jan. 9, 2017)
  • . The U.S. Supreme Court declined today to review In re Nickelodeon, a class action suit concerning privacy protections for Internet users under the Video Privacy Protection Act. Last year, a federal appeals court rejected claims that Google and Viacom had violated the statute, holding that static IP and MAC addresses are not "personally identifiable information." That opinion contradicted a previous ruling from a different federal appeals court, which held that unique IDs are personally identifiable under the video privacy law. EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly "to ensure that the underlying intent of the Act-to safeguard personal information against unlawful disclosure-is preserved as technology evolves." (Jan. 9, 2017)
  • . The White House Office of Management and Budget has released guidance establishing common standards and practices for how federal agencies manage data breaches. The Data Breach Memorandum sets out a risk-based framework for evaluating data breaches and requires each agency to develop a data breach response plan. Not all breaches will trigger individual notification under the guidance. The new guidance comes four months after a House Government and Oversight Committee report criticized the Office of Personnel Management about the 2015 data breaches that compromised the records of 22 million federal employees and family members. EPIC testified in 2009 and 2011 in support of strong data breach notification laws, filed comments with the Office of Personal Management recommending limits on data collection, and has urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information. (Jan. 4, 2017)
  • . The Senate Armed Services Committee will hold a hearing on "Foreign Cyber Threats to the United States" on January 5, 2016. EPIC submitted a statement to the Committee to alert Senators about a pending Freedom of Information Act request. The EPIC FOIA request concerns the lax response of the FBI to the Russian interference with the 2016 Presidential election. EPIC wrote “we believe that the information that we are seeking from the FBI will also be helpful to the Senate Armed Services Committee as you investigate foreign cyber threats to the United States.”“Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are scheduled to testify. (Jan. 4, 2017)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.


EPIC Bookstore


George Orwell