epic.org

"Privacy And Security: An Evening Conversation With Leading Experts"

Wed, 16 May 2012 10:30:01 -0500

Marc Rotenberg,
EPIC Executive Director

Stanford Law School and Microsoft Innovation & Policy Center
Washington, D.C.
May 16, 2012

FAA Revises Drone License Procedures, Privacy Petition Still Pending

Tue, 15 May 2012 14:07:23 -0500

The Federal Aviation Administration has announced new procedures for government agencies that operate drones in the United States. The procedures will streamline the process through which government agencies, including local law enforcement, receive drone licenses. However, the FAA has so far failed to establish privacy safeguards for drone use. On February 24, 2012, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Proposes Update to Privacy Act to Address Recent Supreme Court Decision

Mon, 14 May 2012 16:57:02 -0500

Following the recent decision of the Supreme Court in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. In Cooper, the Supreme Court held that the Privacy Act "does not unequivocally authorize" compensatory damages for mental or emotional distress. Justice Sotomayor, joined by Justices Ginsburg and Breyer, wrote in dissent that "the primary, and often only, damages sustained as a result of an invasion of privacy are . . . mental or emotional distress." EPIC recommended that the Privacy Act explicitly define "actual damages" to include provable mental and emotional distress. EPIC's letter follows an earlier request from Senator Daniel Akaka (D-HI) for comment on S.1732, the Privacy Act Modernization for the Information Age Act of 2011. For more information, see, EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974.

EPIC Calls on FTC to Develop Substantive Privacy Protections at Workshop on Mobile Advertising

Fri, 11 May 2012 17:52:19 -0500

EPIC submitted comments to the Federal Trade Commission for the May 30 workshop on mobile advertising disclosures. EPIC recommended that the agency focus on the development of substantive privacy protections, such as the Consumer Privacy Bill of Rights announced by the President earlier this year, for mobile services. EPIC also recommended that the workshop address a series of problems with the "notice and consent" approach, as well as the merits of innovative, nonverbal approaches proposed by privacy scholars. The workshop follows an FTC report calling for privacy legislation and an investigation that documented privacy problems with mobile applications for children. For more information, see EPIC: Federal Trade Commission.

On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications

Fri, 11 May 2012 15:09:20 -0500

In a hearing with Federal Communications Commission Chairman Julius Genachowski, Senator Dick Durbin (D. IL.) criticized the agency's decision to issue a mere $25,000 fine against Google following the investigation of Street View data collection. (Hearing video beginning at 64:20) Senator Durbin said that Google's interception and collection of private wi-fi communication was a clear violation of privacy. Chairman Genachowski defended the agency's decision but agreed with the committee chairman that "the law should protect people even if they have unencrypted wi-fi." Senator Durbin said that he would consider changes to the law if that is necessary. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision not to find Google guilty of violating the Communications Act. EPIC has a similar FOIA request pending with the agency. For more information, see EPIC: FCC Investigation of Google Street View and EPIC: Electronic Communications Privacy Act.

Federal Appeals Courts Sides with NSA, Rejects EPIC's Arguments that Agency Should Provide Information About Collaboration with Google

Fri, 11 May 2012 13:32:20 -0500

The DC Circuit Court of Appeals ruled today the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media. EPIC filed a Freedom of Information Act (FOIA) request with the NSA following a cyber attack in January 2010 that led Google to contact the NSA. The NSA refused to either confirm or deny the existence of responsive records, claiming that such information is exempt from disclosure under the NSA Act. EPIC challenged this "Glomar" response and argued that the agency had a responsibility to locate records that could be disclosed, but a lower court ruled in favor of the NSA and the appellate court affirmed. EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. For more information, see EPIC v. NSA: Google / NSA Relationship.

EPIC Stresses Need For Privacy Evaluation in Drone Testing

Wed, 09 May 2012 12:13:06 -0500

In comments to the Federal Aviation Administration (FAA), EPIC emphasized the need for transparency and accountability in drone operations, and recommended the development of privacy protections before drones are more widely deployed in the US. The FAA Notice of Proposed Rulemaking set out proposed criteria for drone testing. Congress has tasked the FAA with facilitating the use of drones in the domestic airspace. February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

Myspace Settles With FTC Over Deceptive Practices Complaint

Tue, 08 May 2012 15:57:50 -0500

The Federal Trade Commission has reached a settlement with the social networking service Myspace over charges that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. Advertisers were able to access the unique "Friend ID" of users and link this identifier to other personal information. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy.

2011 FISA Orders Up, National Security Letters Down, No Surveillance Request Denied

Fri, 04 May 2012 11:07:22 -0500

According to the 2011 Foreign Intelligence Surveillance Act (FISA) Report the Justice Department submitted 1,745 applications to the Foreign Intelligence Surveillance Court, a 10.5% increase over 2010. Of the 1,745 FISA search applications, 1,676 concerned electronic surveillance. The FISA court did not deny any applications, though it did modify 30 applications. Also in 2011, the FBI made 16,511 National Security Letter requests for information pertaining to 7,201 different U.S. persons. This is a substantial decrease from the 24,287 national security letter requests concerning 14,212 U.S. persons in 2010. The annual report on FISA, released by the Department of Justice, is far less extensive than the annual wiretap report, produced by the Administrative Office of the US Courts. EPIC has recommended greater accountability for the FISA Court. For more information, see: EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2011 and EPIC: Foreign Intelligence Surveillance Act.

Classified Report Finds Vulnerabilities in Body Scanner Program

Fri, 04 May 2012 10:39:02 -0500

The Department of Homeland Security Office of Inspector General has completed an investigation into the effectiveness of the body scanner program as deployed in airports as a primary passenger screening system. The unclassified summary of the report notes that several vulnerabilities were found in the program, which has already cost more than $87 million. The full report consists of "Sensitive Security Information" (SSI) and will not be released to the public, according to the Inspector General. EPIC has challenged the SSI designation, arguing that it is an improper standard for classification. The Government Accountability Office, technical experts, Members of Congress, and bloggers have also questioned the effectiveness of the devices. In a federal lawsuit, EPIC challenged the body scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners).

Following Maryland, Congress and California Consider Bills Banning Employers From Asking for Facebook Passwords

Tue, 01 May 2012 14:17:22 -0500

Reps. Eliot Engel (D-NY) and Jan Schakowsky (D-IL) introduced the Social Networking Online Protection Act, a bill that would prohibit employers, colleges, universities, and K-12 schools from seeking usernames or passwords for the social media accounts of employees or students. Similar legislation was introduced in California. Maryland became the first state to ban employers from asking employees or applicants for social networking passwords. Senators Blumenthal and Schumer have asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy.

FOIA "Ombudsman" Releases Open Government Report

Tue, 01 May 2012 14:10:35 -0500

In response to several demands from Congress, the Office of Government Information Services (OGIS) has released a long-delayed report with recommendations to improve the administration of the Freedom of Information Act. The report addresses several FOIA processing issues, but doesn't examine the significant issue of delays in FOIA processing and efforts by agencies - such as the Department of Justice - to create new obstacles for FOIA requestors. And OGIS did not address EPIC's pending request to determine whether DHS's practice of vetting FOIA requests by political appointees is permissible. For more information, see EPIC: Open Government.

Following EPIC FOIA Request to FCC, Google Releases "Spy-Fi" Report

Mon, 30 Apr 2012 16:30:10 -0500

Shortly after EPIC filed a Freedom of Information Act request with the Federal Communications Commission for the unredacted version of its report on Google Spy-Fi, Google has released a mostly unredacted version of the report. The FCC Report undercuts the company's prior statements that a rogue engineer was responsible for the payload data collection. Instead, it indicates that Google intentionally intercepted payload data for business purposes and that many supervisors and engineers within the company reviewed the code and the design documents associated with the project. EPIC will continue to press for more details on the investigation through FOIA requests to the Federal Communications Commission and the Department of Justice. For more information see EPIC: Investigations of Google Street View.

Drone Summit: Killing and Spying by Remote Control

Sat, 28 Apr 2012 13:14:07 -0500

Drone Summit: Killing and Spying by Remote Control

Amie Stepanovich,
EPIC National Security Counsel

CodePink

Washington, D.C.
April 28, 2012

EPIC Appeals Denial in Surveillance Export FOIA Request; Files Follow-Up Request

Fri, 27 Apr 2012 18:15:43 -0500

EPIC has appealed a denial of a Freedom of Information Act request that sought records concerning the sale of surveillance technology by U.S. companies to repressive regimes like Syria and Yemen. "The failure to adequately justify the claim that no segregable portions of records exist violates FOIA, especially given the past practice of releasing aggregate data in response to substantially similar requests," the appeal states. EPIC also filed a follow-up request to the Department of Commerce seeking records related to the agency's investigation of companies like Blue Coat Systems, which sold surveillance devices to Syria. Recently, President Obama signed an executive order authorizing U.S. officials to impose sanctions against persons involved in the use of information and communications technology to facilitate human rights abuses in Syria and Iran. For more information, see EPIC: Freedom of Information Act.