Previous Top News: 2019


  • EPIC has filed a Freedom of Information Act lawsuit to obtain the final report by Special Counsel Robert Mueller concerning Russian interference in the 2016 U.S. presidential election. Attorney General William Barr notified Congress on Friday that the Special Counsel had delivered the final report. EPIC submitted a Freedom of Information Act request to the Department of Justice in November 2018 seeking records about the investigation, including any reports prepared by the Special Counsel. The Special Counsel was authorized to conduct an investigation into Russian interference, including "any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump." Special Counsel Mueller has since brought criminal charges against 34 individuals and three organizations. EPIC, through its Democracy and Cybersecurity Project, has pursued multiple FOIA cases concerning Russian interference with the 2016 election, including EPIC v. FBI (response to Russian cyberattacks), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), EPIC v. IRS II (release of Trump's offers-in-compromise), and EPIC v. DHS (election cybersecurity). The case for the release of the Muller Report is EPIC v. DOJ, No. 19-810 (D.D.C.) [Exhibits]. (Mar. 22, 2019)

  • EPIC has filed an amicus brief urging the Supreme Court to protect the public's right to access commercial information held by federal agencies. EPIC described several of its own FOIA case -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. EPIC also warned that private parties, "acting on behalf of public agencies and with public funding," often hide their activities. EPIC wrote, "The public must have access to commercial information in agency records to conduct effective oversight of government programs that implicate privacy." EPIC has filed several amicus briefs for the US Supreme Court and other federal courts in Freedom of Information Act cases. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the brief. The case is Food Marketing Institute v. Argus Leader Media, No. 18-481. (Mar. 22, 2019)

  • A new White House website "Artificial Intelligence for the American People" emphasizes "AI for American Innovation, AI for American Industry, AI for the American Worker, and AI with American Values," but still provides no opportunities for public input. The National Commission on Artificial Intelligence, tasked with advising the federal government on AI policy, also recently held its first meeting in secret. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC has urged US support for the Universal Guidelines for AI, a policy framework emphasizing fairness, accountability, and transparency for AI systems. (Mar. 21, 2019)

  • U.S. Senators Roy Blunt [R-MO] and Brian Schatz [D-HI] introduced a bill to protect consumers from companies collecting facial images. Senator Schatz said: "Our faces are our identities. They're personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces." EPIC previously urged the FTC to stop Facebook's use of facial recognition to capture personal identity. In 2018, EPIC charged that Facebook's facial recognition practices lacks privacy safeguards and violate the 2011 Consent Order with the FTC. EPIC has urged the FTC to #EnforceTheOrder as a one-year deadline approaches. (Mar. 21, 2019)

  • In his dissenting opinion in Frank v. Gaos, Justice Thomas set out two key guidelines for future consumer privacy litigation. First, Justice Thomas said that consumer privacy cases could go forward when a "private right" is violated, such as when a violation of a federal privacy law is alleged. The Supreme Court adopted a somewhat more narrow standard in the Spokeo v. Robbins case. Second, Justice Thomas made clear that class action settlements must provide a "meaningful" benefit to class members, which could include monetary relief or a change in business practices. Justice Thomas opposed the settlement in Gaos, explaining "because the class members here received no settlement fund, no meaningful injunctive relief, and no other benefit whatsoever in exchange for the settlement of their claims...." Justice Thomas did not rule out cy pres remainder settlements for "disposing of unclaimed or undistributable class funds" or cy pres-only settlements that provide some actual benefit to class members. EPIC set out very similar views in an amicus brief for the Supreme Court in the Gaos case, in related amicus briefs on standing and in court filings on class action fairness, as well as an academic article calling for reform of cy pres settlements. (Mar. 21, 2019)

  • The Supreme Court today sent Frank v. Gaos back to the lower courts because the Court could not decide if the proposed settlement in a privacy case was "fair, reasonable, and adequate" or if the case was properly before the Court. The case involves Google's disclosure of search histories to third parties without consent, a business practice that could violate several privacy laws. Under the terms of the settlement, there was no benefit to Internet users and Google was not prohibited from continuing the allegedly unlawful practice. In an amicus brief, EPIC stated, "the proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several organization objected to the original settlement on three separate occasions. EPIC routinely opposes settlements that fail to provide an actual benefit to Internet users. In this case, the Justices ordered the parties to address whether the Spokeo v. Robbins decision permits consumer privacy to go forward. EPIC filed a brief in Spokeo in support of consumers, and has filed similar briefs siding with consumers in several other cases. (Mar. 20, 2019)

  • EPIC joined civil liberties organizations this week in a statement to the House Judiciary Committee, calling for a permanent end to the NSA's phone record collection program. The groups asked that Congress to "hold hearings and make public information critical to permit an informed debate over the reauthorization of Section 215 and other provisions of the Patriot Act, which are set to expire December 15, 2019." The National Security Agency has reportedly ended the collection of Americans' phone records. The USA Freedom Act limited the NSA's bulk collection program. The NSA also acknowledged compliance problems and opposition to renewal is growing. In 2013, EPIC filed a petition with the Supreme Court, challenging the lawfulness of the NSA program. EPIC previously called for an end to the phone record collection program. (Mar. 20, 2019)

  • In a New York Times op-ed, Congressman David Cicilline (D-RI), Chairman of the House Judiciary Committee's Subcommittee on Antitrust, has asked the FTC to investigate Facebook for violating antitrust laws. Citing EPIC's work, Chairman Cicilline said "For years, privacy advocates have alerted the commission that Facebook was likely violating its commitments under the agreement. Not only did the commission fail to enforce its order, but by failing to block Facebook's acquisition of WhatsApp and Instagram, it enabled Facebook to extend its dominance." Rep. Cicilline made clear that data merger deals implicate competition law, which EPIC has long argued. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. EPIC has launched the #EnforceTheOrder campaign to urge action on the consent order. (Mar. 19, 2019)

  • On Tuesday, March 19 at 2 pm, EPIC will host a press conference moderated by EPIC President Marc Rotenberg. The event will take place at the Fund for Constitutional Government, on Capitol Hill, across the street from the US Supreme Court. Participants include speakers from U.S. PIRG, Public Citizen, and EPIC. The event will focus on Facebook, the Federal Trade Commission, privacy and the 2011 consent order. EPIC has launched the #EnforceTheOrder Campaign to urge action on the consent order. In 2011, the agency issued a sweeping order against Facebook. The FTC Chairman said at the time, "Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users. Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not." Press advisory. Flyer. (Mar. 18, 2019)

  • EPIC has filed an urgent Freedom of Information Act request to the Federal Trade Commission seeking all pending complaints. As a result of the extensive work of consumer organizations, the Commission issued a consent order against Facebook in 2011 barring the company from making any future misrepresentations about the privacy and security of a user's personal information. But the FTC has failed to issue any fines or declare any of Facebook's actions, including the Cambridge Analytical scandal, a violation of the consent order. The FTC has also not published the number of pending consumer complaints against Facebook. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder. (Mar. 18, 2019)

  • EPIC, joined by other privacy groups, submitted comments on the FAA’s interim final rule for external ID for drones. The proposal requires the external display of registration numbers on drones. While EPIC agreed external marking are preferable to hidden identifiers, EPIC said the rule did not go far enough. EPIC wrote, “Because drones present substantial privacy and safety risks, EPIC recommends that the FAA require any drone operating in the national airspace system to broadcast location when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information[.]” EPIC also suggested the agency require operators register and broadcast surveillance capabilities. EPIC has long advocated for remote identification mandates for drones and petitioned for regulation of these surveillance tools. (Mar. 15, 2019)

  • The National Security Commission on Artificial Intelligence held its first meeting this week, in secret. The Commission is tasked with advising the federal government on artificial intelligence. The Commission was established by the National Defense Authorization Act. Federal law requires commissions to operate transparently, yet the AI Commission provided no notice of the meeting and no opportunity for public participation. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC is now seeking the public release of the documents distributed at the AI Commission meeting. (Mar. 15, 2019)

  • In response to EPIC's Freedom of Information Act lawsuit, the National Archives has provided an index of Justice Kavanaugh's records that contains an accounting of all records released by the National Archives so far. The letter includes an index of all e-mail and text files, including those withheld in full or in part. There was unprecedented secrecy surrounding the nomination of Judge Kavanaugh to the Supreme Court. EPIC's FOIA lawsuit and a related request by Senator Richard Blumenthal resulted in the public release of hundreds of thousands of pages about Judge Kavanaugh's work in the White House. The records include communications between Kavanaugh and John Yoo, the architect of the warrantless surveillance program. (Mar. 14, 2019)

  • The U.S. Department of State has released the annual report on human rights practices across the globe. The State Dept. report reviews adherence to "internationally recognized individual, civil, political, and worker rights, as set forth in the Universal Declaration of Human Rights and other international agreements," including the arbitrary or unlawful interference with privacy. The 2018 report highlights China's social credit system which "quantifies a person's loyalty to the government by monitoring citizens' online activity and relationships." The report also cites the Indian Supreme Court ruling that privacy is a fundamental right and Turkish authorities' investigation of more than 45,000 social media accounts between 2016 and April 2018. Two EPIC publications - The Privacy Law Sourcebook 2018 and Privacy and Human Rights: An International Survey of Privacy Laws and Developments - provide a comprehensive overview of privacy frameworks around the world and track emerging privacy challenges. (Mar. 14, 2019)

  • Bipartisan legislation governing the Internet of Things was introduced this week in the Senate and House of Representatives. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 in the Senate, and Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) filed the bill in the House. The legislation would require the National Institute of Standards and Technology to set baseline security standards for Internet-connected devices. EPIC has diligently advocated for stronger regulation of IoT, and called attention to the privacy and security risks of connected cars in comments to NTHSA, complaints to the CFPB, congressional testimony, FTC workshops, petitions to NHTSA and an amicus brief to Ninth Circuit. (Mar. 14, 2019)

  • A report from the FOIA Project places EPIC among the top FOIA litigators in the United States, as measured by the number of FOIA lawsuits filed between 2001 and 2018. The FOIA Project provides comprehensive information on federal FOIA matters, including initial FOIA requests, administrative appeals, and FOIA lawsuits, and is operated by the Transactional Records Access Clearinghouse. The 2018 report on litigation by nonprofit groups finds that EPIC has filed a total of 74 FOIA lawsuits between 2001 and 2018, approximately divided between Democratic and Republican administrations. The other groups in the top 5 are Judicial Watch (391), ACLU (130), PEER (94), and CREW (88). EPIC celebrated Sunshine Week with the 2019 EPIC FOIA Gallery, highlighting important EPIC FOIA cases from the past year. (Mar. 14, 2019)

  • In advance of a hearing on the 2020 Census, EPIC has sent a statement to the House Oversight Committee urging Congress to require the Census Bureau to remove the citizenship question from the 2020 census. EPIC told the Committee that the Census Bureau failed to complete privacy impact assessments required by law. "Congress made clear that data collection simply could not occur without the completion of these assessments" EPIC explained. In EPIC v. Commerce, a case now before the D.C. Circuit Court of Appeals, EPIC recently filed an opening brief to block the Census Bureau from collecting citizenship data in the 2020 Census. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that "major privacy risks have not been addressed by the agency." (Mar. 13, 2019)

  • In advance of a hearing on the Freedom of Information Act, EPIC highlighted several recent open government cases. EPIC told the Committee about documents EPIC obtained through FOIA requests and litigation, including documents EPIC obtained, widely reported this week, about the plan to expand facial recognition at US airports. EPIC also described records obtained from the Federal Trade Commission about the agency's failure to enforce the consent order against Facebook. And EPIC described the open government case against the IRS seeking the release of President Trump's tax returns. Since 2001, EPIC has published an annual FOIA gallery in honor of Sunshine Week. (Mar. 13, 2019)

  • The Eleventh Circuit has issued a decision in Jackson v. McCurry. A student's family filed the case after school officials searched her cell phone without probable cause. The appeals court ruled against the the student because the law limiting searches of student cell phones was not "clearly established." EPIC filed an amicus brief, arguing that searches of student phones should be "limited to those circumstances when it is strictly necessary" after the Supreme Court's decision in Riley v. California. EPIC wrote that "most teenagers today could not survive without a cellphone." The court recognized the need to limit school searches of cell phones, noting that "the reasoning of Riley treats cellphone searches as especially intrusive in comparison to searches incident to arrest of personal property" and that "a search of a student's cellphone might require a more compelling justification than that required to search a student's other personal effects." However, the court refused to hold that this right was "clearly established." EPIC routinely files amicus briefs in cases raising new privacy issues. EPIC has also long advocated for greater student privacy protections, including a Student Privacy Bill of Rights. (Mar. 13, 2019)

  • After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program. The Senators stated that "DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether." Today EPIC filed a Freedom of Information lawsuit, EPIC v. CBP, to determine whether the agency is allowing travelers to opt-out of facial recognition. EPIC's earlier lawsuit against the DHS led to the removal of backscatter x-ray devices at US airports. (Mar. 12, 2019)

  • Senators Edward Markey (D-Mass.) and Josh Hawley (R-Mo.) have introduced legislation to update the Children's Online Privacy Protection Act (COPPA). The bill bans internet companies from collecting personal or location information from children under 13 without parental consent and from teens ages 13-15 without the user's consent. EPIC testified before Congress in support of the original children's privacy law and backed the 2013 regulations that updated the law. EPIC recently submitted comments in support of the FTC's proposed extension of the information collection requirements for COPPA, but said the law "would be more effective if the FTC established new limits on how firms can collect and use children's data." (Mar. 12, 2019)

  • EPIC has filed a Freedom of Information Act lawsuit to determine whether the U.S. government is allowing travelers to opt-out of facial recognition at airports. The "alternative screening procedures" should allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens" according to the CBP. But research by EPIC indicates that Custom and Border Protection has modified the program, making it increasingly difficult for travelers to opt-out. This week, Buzzfeed featured documents EPIC obtained about this flawed facial recognition program, which the Administration is seeking to establish at all U.S. airports. EPIC has urged Congress to suspend the CBP Biometric Entry-Exit program until privacy safeguards and meaningful opt-out procedures are established. The case is EPIC v. CBP, No. 19-cv-689 (D.D.C. March 12, 2019). (Mar. 12, 2019)

  • Senator Josh Hawley (R-MO) has sent a letter to the Federal Trade Commission urging a more aggressive approach to privacy protection. Senator Hawley outlined the many privacy violations by tech giants in recent years, including Facebook's failure to honor the promises it made when it acquired WhatsApp, Google's use of location data, and the disclosure of personal information to third parties by many platforms. "There is no excuse for inaction," Senator Hawley said. Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder, @FTC. (Mar. 11, 2019)

  • Prior to a hearing on "GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation," EPIC has sent a letter and related materials to the Senate Judiciary Committee advising on federal privacylegislation. EPIC Executive Director Marc Rotenberg recently wrote in the New York Times, "There is still much that Congress can do to strengthen privacy protections for Americans. Enacting federal baseline legislation and establishing a data protection agency would be a good start." EPIC also sent the Committee EPIC commentaries from the Financial Times, Techonomy, the OECD Observer, and the Harvard International Review. (Mar. 11, 2019)

  • At the start of Sunshine Week, Buzzfeed featured documents obtained by EPIC about a deeply flawed facial recognition program that could impact all U.S. travelers returning to the United States. The documents, released following an EPIC FOIA request, describe the Administration's plan to extend a faulty CBP pilot program to TSA, ICE, and the Coast Guard. Documents previously obtained by EPIC, following a lawsuit against DHS, found similar problems with a facial recognition program at the southern border. (Mar. 11, 2019)

  • Speaking to the Going Digital Summit of the OECD in Paris, EPIC President Marc Rotenberg urged the OECD to adopt a bold framework for AI that will safeguard fundamental rights. "The OECD is uniquely situated to put forward an international framework that spurs innovation, and protects democratic institutions and human rights," said Mr. Rotenberg. The OECD Civil Society Advisory Council has promoted the Universal Guidelines for AI, a policy framework endorsed by more than 250 experts and 60 associations in more than 40 countries. (Mar. 11, 2019)

  • In celebration of Sunshine Week, EPIC has unveiled the 2019 FOIA Gallery. Since 2001, EPIC has published annually highlights of EPIC’s most significant open government cases and Freedom of Information Act requests. In 2018, EPIC obtained e-mails about mass surveillance programs developed by Justice Kavanaugh as a White House legal advisor, records about the controversial DHS "media monitoring program," communications between the FTC and Facebook about the agency's failure to enforce the 2011 Consent Order, and documents that revealed obscure travel blacklists in the "SecureFlight" program. In the latest FOIA gallery, EPIC also highlight a significant ruling from the D.C. Circuit in EPIC v. IRS where the court stated that the IRS "misunderstands its FOIA disclosure obligations." This is one of two cases EPIC filed to obtain the public release of President Trump's tax records. In EPIC v. IRS, the district court noted that President Trump tweeted, "For the record, I have ZERO investments in Russia. Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING!" (Mar. 11, 2019)

  • EPIC has submitted urgent Freedom of Information Act requests to the Department of Homeland Security (USCIS and the Office of Immigration Statistics) and the Census Bureau for records about the planned transfer of personal data from DHS to the Census Bureau. After a federal judge in California ruled that adding a citizenship question to the 2020 Census was unconstitutional, the AP reported that DHS would disclose to the Census Bureau personal data, including names, addresses, birth dates, Social Security numbers, and alien registration numbers. The Census Bureau confirmed that the agency was preparing an agreement with DHS to “receive administrative records.” In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.). (Mar. 8, 2019)

  • In a Senate Judiciary Committee hearing earlier this week, Senator Richard Blumenthal said that antitrust enforcers must consider unwinding anticompetitive mergers. “Over the past decade tech companies have in effect been given a free pass by antitrust regulators,” Senator Blumenthal said. "Facebook perhaps should never been allowed to acquire Instagram, Google to acquire DoubleClick. I have come to the conclusion that maybe post merger, some of these transactions should be challengeable, rarely done, but still challengeable, especially when the merger is approved on conditions that are then violated.” Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. (Mar. 7, 2019)

  • In a report released this week, the Senate Homeland Security Investigations Subcommittee found that Equifax was aware of cybersecurity weaknesses for years before the massive breach in 2017, which affected 148 million U.S. consumers. The Senate report found that Equifax chose "efficient business operations rather than security protocols" that allowed a foreign government to access the authenticating details, including dates of birth and SSNs, of American consumers. In December, the House Committee on Oversight released a report which found that the Equifax breach was "entirely preventable." Following the Equifax data breach, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft. (Mar. 7, 2019)

  • A federal court in California has blocked the Census Bureau from adding a citizenship question to the 2020 Census, becoming the second court to do so. The court found that the Bureau made an arbitrary decision to include the citizenship question, then engaged in a "cynical search to find some reason, any reason" to "justify that preordained result." A federal court in New York recently blocked the citizenship question in a different case, but the Supreme Court is set to review that decision. In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.). (Mar. 6, 2019)

  • The DHS Privacy Advisory Committee issued final recommendations on facial recognition use at the border. The report examined transparency, data minimization, data quality and integrity, and accountability and auditing. The report said entrants to the U.S. need notice of their rights and how to exercise those rights. The final recommendations differed only slightly from the draft recommendations. In response to EPIC's comments, the final report included recommendations for increased reporting and research of facial recognition accuracy. However, the DHS report failed to address the lack of legal authorization for the facial recognition program or establish that the program is necessary for national security. (Mar. 6, 2019)

  • In advance of a hearing on border security, EPIC sent a statement to the House Committee on Homeland Security urging an examination of surveillance programs in use at the border. EPIC asked the Committee to examine the warrantless searches of mobile devices, social media profiling, and the use of drones. EPIC has filed several FOIA lawsuits against DHS regarding these surveillance activities, warning that border surveillance programs often capture the personal data of Americans. A previous FOIA lawsuit EPIC v. CPB uncovered Palintir's role in the development of the Analytical Framework for Intelligence, a program that assigns "risk assessment" scores to travelers, including U.S. citizens. (Mar. 5, 2019)

  • Prior to a hearing on "Inclusion in Tech: How Diversity Benefits All Americans," EPIC has sent a statement to a House committee. EPIC said that "algorithmic transparency" could reduce bias and help ensure fairness in automated decisionmaking. EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC, Color of Change, the Open Markets Institute, and others have also urged the FTC to require Facebook to reform is hiring practices. "If the company wishes to connect the world," EPIC and the groups wrote, "it must also be prepared to reflect the world in all of its decision-making." (Mar. 5, 2019)

  • The National Security Agency has reportedly ended the controversial collection of Americans' phone records. The USA Freedom Act limited the NSA's bulk collection program. However, the NSA has acknowledged compliance problems and doubts remain about renewal of the program later this year. Now, a senior Hill aide has said the NSA "hasn't actually been using it for the past six months" and it is not clear "that the administration will want to start that back up." In 2013, EPIC filed a petition with the U.S. Supreme Court, challenging the lawfulness of the program. EPIC and a coalition have since called attention to the NSA's failure comply with the requirements of the Freedom Act. EPIC previously called for an end to the phone record collection program. (Mar. 5, 2019)

  • With the one-year deadline of the reopening of the Facebook investigation approaching, EPIC has launched the campaign #EnforceTheOrder. EPIC is urging the Federal Trade Commission to act before March 26, 2019. Many experts, including former FTC Chief Technology Officer Ashkan Soltani, Senator Richard Blumenthal, and former FTC Chair William Kovacic, have said that Facebook violated the consent order. EPIC has also joined with Color of Change, the Open Markets Institute and others to urge the FTC to impose a significant fine and also to break up the company, reform hiring and management practices, and install a director to represent users. Follow EPIC at @EPICprivacy for the latest on the campaign. Join us. Tweet why enforcement matters to you. Include #EnforceTheOrder @FTC @facebook. (Mar. 5, 2019)

  • In response to EPIC's Freedom of Information Act request, the Federal Bureau of Investigation has released documents (part 1, part 2, part 3) concerning the agency's use of National Security Letters to obtain information from the media. The disclosure to EPIC includes a revised policy that followed criticisms of government surveillance of journalists. In an earlier amicus brief, EPIC recommended enhanced oversight of National Security Letters. (Mar. 4, 2019)

  • EPIC has filed an opening brief in the appeal to block the Census Bureau from collecting citizenship data in the 2020 Census. EPIC told the D.C. Circuit that the Census Bureau failed to complete privacy impact assessments required by law. “This uninformed data collection by a federal agency is precisely what the E-Government Act prohibits,” EPIC explained. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that “major privacy risks have not been addressed by the agency.” EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.). (Mar. 2, 2019)

  • Reps. Brenda Lawrence (D-MI) and Ro Khanna (D-CA) have introduced a Congressional resolution calling for guidelines for the ethical development of artificial intelligence. The Ethical AI resolution sets out core principles, including transparency, accountability, fairness, privacy protection, public engagement, education, and safety. EPIC has proposed similar principles, the Universal Guidelines for Artificial Intelligence as the basis for AI legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC previously urged lawmakers to appoint AI Commission members who support the Universal Guidelines. (Feb. 28, 2019)

  • EPIC has filed a brief with the European Court of Human Rights detailing the public safety and privacy risks of government hacking. Privacy International v. United Kingdom asks whether remote hacking by UK intelligence services violates the European Charter of Fundamental Rights. The Court recently granted EPIC's request to intervene in the case. "Hacking tools stockpiled by governments could be used by criminals to mount cyberattacks," EPIC's brief states. EPIC also explained that "Government hacking weakens security safeguards." EPIC has long advocated for strong cybersecurity policies. (Feb. 28, 2019)

  • TikTok settled with the FTC for $5.7 million over allegations that the Chinese video app company violated the Children's Online Privacy Protection Act. The FTC complaint alleges that TikTok violated COPPA by collecting personal information from kids without parental consent. The $5.7 million fine is the Commission's largest COPPA penalty. The Commission's vote was unanimous. EPIC helped enact the children online privacy law and regularly submits comments to the FTC on children's privacy issues. (Feb. 27, 2019)

  • The FTC announced a new task force dedicated to monitoring U.S. technology markets and investigating anticompetitive conduct. FTC Chairman Joe Simons said "it makes sense for us to closely examine technology markets to ensure consumers benefit from free and fair competition." According to the FTC, the Technology Task Force will examine "prospective merger reviews" and will review "consummated technology mergers." EPIC objected to Facebook's acquisition of Whatsapp in 2014 and Google's acquisition of DoubleClick in 2007. EPIC has called on the FTC to require Google to divest Nest, after reports that the company hid listening devices in the home thermostat, and pressed the Commission to use its equitable authorities, including divestiture, to enforce consent orders. (Feb. 26, 2019)

  • The D.C. Circuit has scheduled oral argument for May in EPIC's expedited appeal to block the Census Bureau from collecting citizenship information in the 2020 Census. EPIC alleges that the Bureau failed to complete privacy impact assessments required by the E-Government Act before adding the question. A lower court denied EPIC's motion for a preliminary injunction, agreeing that the Bureau is required to conduct the detailed assessments, but oddly concluding that it is not required to do so "until the Bureau mails its first batch of Census questionnaires to the public"—a view entirely at odds with the relevant law. A federal court in New York recently blocked the citizenship question in a different case, but the Supreme Court will now review that decision. EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.). (Feb. 26, 2019)

  • European Data Protection Supervisor Giovanni Buttarelli released the 2018 EDPS annual report. Among recent accomplishments are the 2018 Conference on Digital Ethics, adoption of an EU-Japanese data transfer deal, and implementation of the GDPR. At a press conference for the report's release, Buttarelli also recommended that the United States enact a federal privacy law, ratify the Council of Europe Privacy, Convention, and resolve long-standing concerns about mass surveillance. "In my opinion, bulk collection as such is not fully compatible with our system," Buttarelli said. EPIC has long recommended that the United States ratify the International Privacy Convention. EPIC has always proposed changes to Section 702 of the Patriot Act, which permits the bulk collection of the personal data of Europeans. (Feb. 26, 2019)

  • EPIC and a coalition of civil society organizations told the Australian Parliament that a law allowing police to require weak security for tech products should be amended. The Parliament reopened debate over the "Assistance and Access" law, broadly denounced as a threat to security and freedom of expression. Following earlier comments, the coalition has now called on the Australian Parliament to narrow the law. EPIC has long advocated for strong encryption, led the campaign against the Clipper Chip, and published the first global survey on Cryptography and Liberty. And when the FBI sued Apple in 2016 for refusing to allow law enforcement access to iPhones, EPIC filed an amicus brief in support of Apple arguing the FBI's demand "places at risk millions of cell phone users across the United States." (Feb. 25, 2019)

  • The European Court of Human Rights has accepted EPIC's request to intervene in a case concerning the legal standards for government remote hacking. Privacy International v. United Kingdom asks whether remote hacking or the use of malware by UK intelligence services violates the European Convention on Human Rights. Privacy International alleged that the hacking violates Articles 8 and 10 of the Convention, which protect right to privacy and the right to freedom of expression. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone. (Feb. 25, 2019)

  • A federal court in Washington, D.C. has ruled that EPIC's open government case against the FAA's Drone Advisory Committee can go forward. EPIC filed suit last year against the Committee, which has conducted much of its work in secret and ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. The government asked the court to dismiss EPIC's suit, but the court was "unconvinced by Defendants' arguments" and indicated that the government must "provide the full list of [Committee] records" to EPIC. However, the Court ruled that the Committee did not need to release the records of its secretive subcommittees. EPIC intends to challenge that part of the court's decision. The case is EPIC v. Drone Advisory Committee, No. 18-833 (D.D.C.). (Feb. 25, 2019)

  • EPIC has submitted an open records and meetings request concerning the National Security Commission on Artificial Intelligence. Congress established the AI Commission in August "to review advances in artificial intelligence" and ordered the Commission to publish a report by February 9. Yet no information has been disclosed about the Commission's plans, operations, or findings to date. The Commission includes executives from Google, Amazon, Microsoft, and Oracle and several former Department of Defense officials. Last year, EPIC—joined by nearly 100 experts and leading scientific organizations including AAAS, ACM, FAS, and IEEE—successfully petitioned the White House Select Committee on Artificial Intelligence to incorporate public input in the committee's work. EPIC has also proposed the Universal Guidelines for Artificial Intelligence as the basis for AI legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. EPIC previously urged lawmakers to appoint AI Commission members who support the Universal Guidelines. (Feb. 22, 2019)

  • In response to EPIC's Freedom of Information Act lawsuit, the National Archives has just released thousands of records about Justice Kavanaugh work in the White House Counsel's office after 9-11. The records include e-mails from 2002-2003, briefings, meeting memos, and correspondence, and office files about anti-terrorism legislation and access to presidential records. Emails previously released to EPIC revealed that Kavanaugh and John Yoo, architect of the warrantless surveillance program overturned by the US Congress, exchanged messages about the development of domestic surveillance programs. During the Supreme Court nomination hearing, EPIC warned the Senate that the nominee has shown little regard for the Constitutional privacy rights of Americans as a top White House legal advisor and then as a federal appellate judge. (Feb. 22, 2019)

  • A coalition of consumer groups sent a complaint to the FTC, charging that Facebook engaged in unfair and deceptive practices and violated the Children's Online Privacy Protection Act after court documents from a 2012 class action lawsuit revealed that Facebook encouraged children to make credit card purchases on Facebook's platform. Parents and minors repeatedly complained about the credit card charges, but the documents indicate that the company refused to refund charges and set up a complex complaint system to deter refund requests. EPIC helped enact the children online privacy law and regularly submits comments to the FTC on children's privacy issues. (Feb. 21, 2019)

  • The Federal Aviation Administration has published an interim final rule that will require a visible registration number on the exterior of drones. Previously, registration numbers could be hidden inside drones. EPIC supported improved drone identification, but has urged the FAA to go much further. In extensive comments to the FAA, EPIC wrote that drones should broadcast location, course, and operator identification, much like the Automated Identification Systems for planes and boats. EPIC also sued the FAA to force the agency to establish national rules to limit drone surveillance. EPIC is currently pursuing records about a key FAA task force, trying to understand why the agency has not promoted better privacy safeguards in the US. Comments on the FAA rule on "External Marking Requirement for Small Unmanned Aircraft" are due March 15, 2019 (Docket: FAA-2018-1084). EPIC recommends that commentators ask the FAA to establish stronger requirements for remote identification of drones. (Feb. 21, 2019)

  • EPIC has asked the D.C. Circuit Court of Appeals to hold oral argument by April in EPIC v. Commerce, EPIC's expedited appeal to block the Census Bureau from collecting citizenship information in the 2020 Census. EPIC alleges that the Bureau failed to complete privacy impact assessments required by the E-Government Act before adding the question. A lower court denied EPIC's motion for a preliminary injunction, agreeing that the Bureau is required to conduct the detailed assessments, but oddly concluding that it is not required to do so "until the Bureau mails its first batch of Census questionnaires to the public"—a view entirely at odds with the relevant law. A federal court in New York recently blocked the citizenship question in a different case, but the Supreme Court will now review that decision. EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's appeal is captioned EPIC v. Commerce, No. 19-5031 (D.C. Cir.). (Feb. 21, 2019)

  • Following reports that Google installed secret listening devices in the homes security product Nest, EPIC asked the Federal Trade Commission to require Google to spin-off Nest and to disgorge the data obtained from Nest users. It is a federal crime to intercept private communications or to plant a listening device in a private residence. In 2014, EPIC filed a complaint with the Commission regarding a related merger review and noted specifically that the "Commission clearly failed to address the significant privacy concerns presented in the Google acquisition of Nest." EPIC also said at the time that the "early termination" approval of the Google/Nest merger was surprising given the Commission's extensive consideration of the Google acquisition of Doubleclick. Both the Senate Commerce Committee and the House Energy and Commerce Committee have expressed interest in merger review in the tech industry. (Feb. 20, 2019)

  • The UK House of Commons published the report "Disinformation and 'fake news'" following an eighteen-month investigation of Facebook. The report found that if Facebook had fully complied with the FTC settlement, Cambridge Analytica would not have happened. The UK report stated "It seems clear that Facebook was, at the very least, in violation of its Federal Trade Commission settlement." The FTC announced in March 2018 that it was reopening the Facebook investigation, following news that Cambridge Analytica improperly harvested the personal data of 87 millions users. Still no word from the FTC on how that one case is proceeding. In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order. (Feb. 20, 2019)

  • The Supreme Court has agreed to hear the government's appeal of New York v. Department of Commerce, in which a New York federal judge blocked the government from asking a citizenship question on the 2020 Census. EPIC filed an amicus brief in the case. EPIC has also sued to block the citizenship question in EPIC v. Commerce. EPIC alleges that the Bureau failed to complete privacy impact assessments before adding the question. A lower court held that the Bureau must "prepare PIAs that adequately address the collection of citizenship data in the 2020 Census," but denied a preliminary injunction. EPIC has appealed the decision. (Feb. 15, 2019)

  • EPIC has filed an amicus brief urging the Supreme Court to safeguard FCC rules that protect the public from robocalls and junk faxes. The case, PDR Network v. Carlton & Harris Chiropractic, concerns a company's efforts to disregard an FCC rule about junk faxes. EPIC explained that permitting companies to avoid FCC rules "will exclude the voices of consumers" in agency decision making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications. (Feb. 14, 2019)

  • EPIC has submitted comments the UN Special Rapporteur on Freedom of Expression for a report on the surveillance industry. The Special Rapporteur is soliciting information for a report to UN General Assembly on how surveillance technology is regulated and used around the world. EPIC's submission details a recent U.S. proposal to limit exports of surveillance technology, new limits on access to surveillance tech in the United States, and key EPIC Freedom of Information Act cases to uncover details of ICE's procurement of mobile forensics and analytics technology. EPIC pursues an extensive FOIA docket. (Feb. 14, 2019)

  • In comments to the City of New York, EPIC identified current privacy risks to New Yorkers, new challenges from the development of "smart cities" services, and also described how other cities are tackling privacy issues. The NYC Mayor's Office of Information Privacy sought input from the public on policies to best serve the privacy interests of New Yorkers. EPIC recommended that the city minimize collection of personally identifiable data, promote the use of statistical data, upgrade cyber security, and provide increased opportunity for public participation in the development of new Internet-based services. EPIC also encouraged NYC to adopt the Universal Guidelines for Artificial Intelligence when implementing AI technology. (Feb. 14, 2019)

  • EPIC joined 43 civil society organizations in a letter to Congress calling on legislators to protect civil rights, equity, and equal opportunity in the digital ecosystem. The organizations wrote that any privacy legislation must be consistent with the Civil Rights Principles for the Era of Big Data, which include: stop high-tech profiling, ensure fairness in automated decisions, preserve constitutional principles, enhance individual control of personal information, and protect people from inaccurate data. The groups said: "Platforms and other online services should not be permitted to use consumer data to discriminate against protected classes or deny them opportunities in commerce, housing, and employment, or full participation in our democracy." EPIC supports "algorithmic transparency", the public's right to know the data processes that impact their lives so they can contest decisions made by algorithms. (Feb. 13, 2019)

  • In advance of a hearing on consumer privacy, the House Energy & Commerce Committee released a GAO report calling for federal legislation to "enhance consumer protections." The announcement follows the scheduling of a Senate Commerce hearing the same week. The report highlighted the Fair Information Practices (FIPs) as a framework for federal privacy law, an approach long supported by EPIC. The GAO report further noted that the FTC has failed to use its existing authorities to regulate privacy. EPIC has advocated for the establishment of a federal data protection agency to ensure strong consumer privacy rights. (Feb. 13, 2019)

  • A recent report by the Center for State Enforcement of Antitrust and Consumer Protection Laws highlighted major privacy actions by state attorneys general, including New York's lawsuit against Apple for the FaceTime bug and California's settlement with Aetna for sending letters that revealed, through an oversized clear window, that the recipient was taking HIV-related medication. Several Attorneys General, including the DC attorney general, have sued Facebook over the Cambridge Analytica scandal. EPIC opposes federal preemption of state law, has defended the enforcement powers of state attorneys general, and established the EPIC State Policy Project to highlight model state privacy law. (Feb. 12, 2019)

  • EPIC has filed an expedited appeal in EPIC v. Commerce to block the Census Bureau from collecting citizenship information in the 2020 Census. EPIC alleged that the Bureau failed to complete privacy impact assessments before adding the citizenship question. A lower court held that the Bureau must "prepare PIAs that adequately address the collection of citizenship data in the 2020 Census" and the Bureau conceded it would complete the assessments by March. But the lower court denied EPIC's motion for a preliminary injunction, concluding that the Census Bureau is not required to conduct a privacy assessment "until the Bureau mails its first batch of Census questionnaires to the public," a view entirely at odds with the E-Government Act. EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's case in the lower court is captioned EPIC v. Commerce, No. 18-2711 (D.D.C.). (Feb. 12, 2019)

  • President Trump today signed an executive order on Artificial Intelligence that leaves many questions unanswered. EPIC has urged both the White House and Congress to ensure public input on AI policy. EPIC has also proposed the Universal Guidelines for Artificial Intelligence as the basis for AI legislation to reduce bias in decision-making algorithms, ensure digital globalization is inclusive, create human-centered evidence-based policy, promote safety in AI deployment in national security uses, and rebuild trust in institutions. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries. (Feb. 11, 2019)

  • A federal court has denied EPIC’s motion for a preliminary injunction and refused to block the Census Bureau from collecting citizenship information via the 2020 Census. As EPIC told the court, the Bureau unlawfully failed to complete multiple privacy impact assessments before it abruptly introduced the citizenship question last year. The court acknowledged that the Bureau must “prepare PIAs that adequately address the collection of citizenship data in the 2020 Census” and noted that “negative policy consequences” could result “if an agency drags its feet in performing its PIA obligations.” Nevertheless, the court held that the Bureau may drag its feet in conducting the required assessments “until the Bureau mails its first batch of Census questionnaires to the public” in 2020. EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC intends to press forward with the census case, which is captioned EPIC v. Commerce, No. 18-2711 (D.D.C.). (Feb. 8, 2019)

  • In a statement to the House Judiciary Committee, EPIC urged the panel to ensure that the Justice Department update surveillance safeguards and prioritize transparency. EPIC recommended that the Department of Justice work with Congress after the Supreme Court's decision in Carpenter, improve reporting on surveillance orders, and protect consumers in cases before the Supreme Court. EPIC's comments follow nomination hearings in the Senate for the Attorney General. The nominee was pressed on his views on bulk surveillance and law enforcement access to records held by third parties. (Feb. 8, 2019)

  • In advance of a Privacy and Civil Liberties Oversight Board forum on "Countering Terrorism while Protecting Privacy and Civil Liberties: Where do We Stand in 2019," EPIC sent a statement to the Board outlining priorities. EPIC said the Civil Liberties Board should (1) release the report on Executive Order 12333; (2) limit government use of facial recognition; (3) establish safeguard for government AI use; (4) monitor proposals for "smart" borders and assess privacy impacts on US residents; and (5) reform Section 702 surveillance authority. The independent agency reviews federal agency programs to ensure protections for privacy and civil liberties. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9-11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award. (Feb. 7, 2019)

  • In a statement to the House Judiciary Committee, EPIC urged the panel to ensure that the Justice Department updates surveillance procedure after the Supreme Court's decision in Carpenter. EPIC also said the agency should improve reporting on surveillance orders and protect consumers in cases before the Supreme Court. EPIC's comments follow hearings in the Senate for the Attorney General. Senator Leahy pressed the nominee on bulk surveillance and law enforcement access to records held by third parties after the Supreme Court held that such records are protected by the Fourth Amendment. (Feb. 7, 2019)

  • Germany's competition agency has imposed restrictions on Facebook's practice of combining user data from across its platforms, such as WhatsApp and Instagram, and prohibited the company from linking third-party data to specific Facebook user accounts. The agency President said, "Today data are a decisive factor in competition. In the case of Facebook they are the essential factor for establishing the company's dominant position." EPIC has long warned that data consolidation poses a significant threat to competition and innovation. EPIC opposed Facebook's 2014 acquisition of WhatsApp, warning that Facebook would use WhatsApp data on other platforms. In recent comments to the FTC, EPIC told the Commission that Facebook achieved its "dominance through unrivaled access to consumer data." And as early as 2008, EPIC warned that "dominant Internet firms are moving to consolidate their control over the Internet." EPIC continues to oppose platform consolidation, and recently filed an amicus brief, challenging Facebook's web tracking practices. (Feb. 7, 2019)

  • EPIC has filed a reply brief in EPIC v. Commerce urging a federal court to block the Census Bureau from adding a citizenship question to the 2020 Census. EPIC alleges that the Census Bureau failed to complete privacy impact assessments, required by law, before it abruptly added the citizenship question last year. Secretary Ross has already suggested that the census data would be used for law enforcement purposes. "Congress expected that the Bureau would conduct a comprehensive privacy review early in the process, not as the census forms were heading to the printer or delivered to the post office," EPIC told the court. A federal court in New York recently blocked the citizenship question, but the Census Bureau has appealed that decision. EPIC filed an amicus brief in the New York case and has long advocated for robust protections for census data. EPIC has also filed numerous successful lawsuits to require privacy impact assessments, including EPIC's lawsuit that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. (Feb. 6, 2019)

  • The European Court of Human Rights Grand Chamber has agreed to review Big Brother Watch v. UK, a case concerning UK surveillance power revealed by Edward Snowden. Last year the Court ruled that the communications surveillance regime narrowly violated human rights, and stopped short of ruling that bulk surveillance violated fundamental rights. The Grand Chamber, a larger panel of judges, has now agreed to hear the case again. The Chamber only agrees to review cases raising important human rights issues. The groups that brought the case requested referral and urged the Court to rule mass surveillance incompatible with human rights. EPIC filed a brief in the original case explaining that the US, which transfers intelligence data to the UK, has "technological capacities" enabling "wide scale surveillance" and that US law do not restrict surveillance of non-U.S. persons abroad. In an article, EPIC called the initial ruling against UK surveillance "narrow" but "important." (Feb. 5, 2019)

  • In advance of a hearing about the Privacy and Civil Liberties Oversight Board, EPIC sent a statement to the Senate Judiciary Committee outlining priorities. EPIC said the Civil Liberties Board should (1) release the report on Executive Order 12333; (2) review the use of facial recognition technology and propose safeguards; (3) review the use of artificial intelligence and propose safeguards; and (4) monitor proposals for "smart" borders and assess privacy impacts on US residents. The independent agency reviews federal agency programs to ensure adequate safeguards for privacy and civil liberties. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9-11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award. (Feb. 5, 2019)

  • In a hearing last week, the chiefs of the U.S. intelligence agencies told Senators that foreign adversaries will "increasingly use cyber capabilities" to "seek political, economic, and military advantage." The intelligence leaders further stated that foreign powers are "already looking to the 2020 election" in order to advance their interests, and that those powers will "almost certainly" target online operations to weaken democratic institutions. After the 2016 election, EPIC launched a project on Democracy and Cybersecurity to safeguard democratic institutions. EPIC filed a series of Freedom of Information Act lawsuits to determine the extent of Russian interference: EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). EPIC has said, "The public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election. And the public has a right to know what steps have been taken to prevent future attacks." (Feb. 4, 2019)

  • EPIC will file a lawsuit today to compel a federal agency to release audits so as to determine whether the searches of electronic devices are lawful. The Border Search Directive sets out when and how Customs and Border Patrol officials may inspect cellphones, tablets, and laptop computers of travelers crossing the US border. The Directive requires the agency to develop an auditing mechanism to ensure lawful searches, yet the agency has not published the auditing requirements or the results of the audits. So, EPIC has sed for the release of the procedures. The American Bar Association recently adopted a new policy that urges Congress, the courts, and the Department of Homeland Security to enact legislation and adopt policies to protect the privacy rights of travelers. EPIC filed a related lawsuit against Immigration and Customs Enforcement for information about the warrantless searches of cell phones. (Feb. 1, 2019)

  • EPIC joined a letter with fourteen other public interest groups to Mark Zuckerberg, calling on the Facebook CEO to shut down Facebook Messenger Kids, and cease all child-targeted business operations. This coalition effort, led by Campaign for a Commercial-Free Childhood, follows reporting that Facebook made millions of dollars by intentionally duping kids into making accidental purchases while playing games. Last year, the groups called on the company to shut down Facebook Messenger Kids based on research linking adolescent social media use with depression, poor sleep habits, and unhealthy body image. Senators Markey (D-MA) and Blumenthal (D-CT) also wrote a letter to Zuckerberg requesting answers on children's use of Facebook. EPIC, civil rights, and open market groups recently urged the FTC to act on numerous violations of the 2011 Consent Order. (Jan. 30, 2019)

  • EPIC presented the 2019 International Privacy Champion Awards to Giovanni Buttarelli, European Data Protection Supervisor, and Joe McNamee, long time Executive Director of the European Digital Rights Initiative. The ceremony took place at the annual conference on Computers, Privacy, and Data Protection in Brussels, Belgium. EPIC Advisory Board members Max Schrems and Shoshana Zuboff presented the awards. The 2019 EPIC Champion of Freedom Awards will be held at the National Press Club in Washington, DC on June 5, 2019. [Press Release] (Jan. 30, 2019)

  • Leaders of the American Bar Association completed their midyear meeting yesterday and tackled a range of policy issues, including privacy at the border. The ABA adopted a new policy that "Urges the federal judiciary, Congress, and the Department of Homeland Security to enact legislation and adopt policies to protect the privacy interests of those crossing the border by imposing standards for searches and seizures of electronic devices, protection of attorney-client privilege, the work product doctrine, and lawyer-client confidentiality." The resolution was introduced by the ABA Section of Civil Rights and Social Justice and the Criminal Justice Section. EPIC Senior Counsel Alan Butler is the Chair of the ABA Civil Rights and Social Justice Section's Committee on Privacy and Information Protection. EPIC has previously submitted "friend of the court" briefs advocating for Fourth Amendment protection of cell phone data in Riley v. California and Carpenter v. United States. (Jan. 29, 2019)

  • According to the European Commission, recent figures from the European Data Protection Board reveal that EU Data Protection Authorities have received more than 95,000 complaints from citizens across the continent. In a joint statement on International Privacy Day, the Commissioners said "Citizens have become more conscious of the importance of data protection and of their rights. And they are now exercising these rights, as national Data Protection Authorities see in their daily work." The European Data Protection Board also reported that the majority of the complaints were related to activities such as telemarketing, promotional e-mails, and video surveillance. In the United States, the Federal Trade Commission announced in March 2018 that it was reopening the Facebook investigation, following news that Cambridge Analytica improperly harvested the personal data of 87 millions users. Still no word from the FTC on how that one case is proceeding. (Jan. 28, 2019)

  • EPIC has published Simon Davies's memoir, "Privacy: A Personal Chronicle." Founder of Privacy International and one of the most effective privacy advocates in the world, Davies tells the inside story of privacy campaigns that captured media attention and transformed the world. Davies's memoir is part law and technology primer, part tale of how one person can make a difference. Hear Davies describe the memoir in his own words in video recorded for the EPIC Blog. "Privacy: A Personal Chronicle" is now available in the EPIC Bookstore in e-book and paperback. (Jan. 28, 2019)

  • A new edition of GDPR Today is available now. The online hub of the latest developments in data protection, launched by EDRi, a powerful association of European NGOs, is designed to implement the EU General Data Protection Regulation. The latest issue details the EU-Japan agreement on international transfers of personal data, NGO complaints that tech companies violated individuals' right to access their data, and recent criticism of U.S. compliance with the EU-U.S. Privacy Shield. EPIC has encouraged U.S. companies to offer GDPR protections to all consumers. The 2018 Privacy Law Sourcebook also includes the full text of the GDPR. (Jan. 28, 2019)

  • The New York Times has reported that Facebook is planning to integrate WhatsApp, Facebook Messenger, and Instagram. Earlier this week, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. In 2014, EPIC and the Center for Digital Democracy warned the Commission that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. The FTC responded to EPIC and CDD and told Facebook and WhatsApp "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook." The FTC letter concludes "hundreds of millions of users have entrusted their personal information to WhatsApp. The FTC staff continue to monitor the companies' practices to ensure that Facebook and WhatsApp honor the promises they have made to those users." Last week, Senators Markey and Blumenthal expressed concern over the impact of the government shutdown on the FTC's investigation into Facebook. Next week, the House Commerce Committee will hold a hearing on the government shutdown's impact on the FTC's Facebook investigation. (Jan. 25, 2019)

  • A report from the European Data Protection Board, an influential independent European privacy body, criticizes U.S. oversight of the EU-U.S. Privacy Shield. The European Commission recently renewed the framework permitting the flow of European consumers' personal data to the U.S. However, the Board now states U.S. oversight of compliance lacks "substantial checks." The EU Data Protection Board encouraged the Privacy and Civil Liberties Oversight Board to review U.S. surveillance authorities, and stated that the Privacy Shield Ombudsperson could not be considered an "effective remedy" for privacy violations. During review of Privacy Shield, EPIC cited concerns about the failure of the FTC to enforce the 2011 Consent Order against Facebook, passage of the CLOUD Act, and renewal of bulk foreign intelligence surveillance. (Jan. 25, 2019)

  • The Illinois Supreme Court ruled today in Rosenbach v. Six Flags, a case about a state privacy law that protects biometric data. Parents sued the theme park after it collected a child's fingerprints, charging a violation of the Illinois biometric privacy law. The theme park claimed that it was necessary to show some additional harm, but the Illinois Court held that when companies violate the law, "the injury is real and significant." EPIC filed a "friend of the court" brief in the case, arguing that the biometric privacy law "imposes clear responsibilities on companies that collect biometric identifiers" and that if these provisions are "not enforced, the statute's subsequent provisions are of little consequence." EPIC has long advocated for strict limits on use of biometric data. EPIC also filed an amicus brief the OPM data breach, a case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case. (Jan. 25, 2019)

  • The conference on Computers, Privacy, and Data Protection begins next week in Brussels. The theme of CPDP2019 is "Data Protection and Democracy." Several members of the EPIC Advisory Board will be speaking, including Julie Cohen, Jennifer Daskal, Kristina Irion, Malavika Jayaram, Max Schrems, and Shoshana Zuboff. EPIC will be promoting new books by several members, including Simon Davies, Roger McNamee, and Shoshana Zuboff. EPIC will also present the International Privacy Awards on Wednesday, January 30. (Jan. 25, 2019)

  • This week, The Public Voice urged participants at Davos to adopt the Universal Guidelines for AI to protect human rights, and to ensure access, inclusion, and equity for global citizens. Leaders of the World Economic Forum launched the 2019 Davos conference this week, with several events on privacy and AI to develop technology policies that are "underpinned by the necessary ethical principles and values-based framework." In opening remarks, Klaus Schwab said the 4th Industrial Revolution demands human-centered, inclusive, and sustainable solutions. @ThePublicVoice urged adoption of the UGAI principles to reduce bias in decision-making algorithms, ensure digital globalization is inclusive, create human-centered evidence-based policy, promote safety in AI deployment in national security uses, and rebuild trust in institutions. (Jan. 25, 2019)

  • According to a Census Bureau report, 99 percent of commenters who gave feedback on the 2020 Census are opposed to the planned addition of the citizenship question. The Bureau received more than 136,000 comments against the collection of citizenship data, many of which were signed by multiple individuals and organizations. EPIC filed comments opposing the citizenship question, arguing that it will interfere with the census's constitutional purpose and undermine the integrity of the census. EPIC is currently seeking a preliminary injunction to block the collection of citizenship data because the Bureau failed to complete privacy impact assessments required by law. The Court has scheduled a hearing for Feb. 8. EPIC's case is EPIC v. Commerce, No. 18-2711 (D.D.C.). (Jan. 24, 2019)

  • EPIC joined a coalition of groups urging the FTC to issue strong penalties in Facebook matter. "Given that Facebook’s violations are so numerous in scale, severe in nature, impactful for such a large portion of the American public and central to the company’s business model, and given the company’s massive size and influence over American consumers, penalties and remedies that go far beyond the Commission’s recent actions are called for,” the letter stated. The groups said the FTC should 1) impose substantial fines; 2) establish structural remedies; 3) require compliance with Fair Information Practices; 4) reform hiring and management practices; and 5) restore democratic governance. (Jan. 23, 2019)

  • The Ninth Circuit has ruled that the police violated the Fourth Amendment when they asked a passenger to provide identification. The Court found that "a demand for a passenger's identification is not part of the mission of a traffic stop." As the court explained, "The identity of a passenger...will ordinarily have no relation to a driver's safe operation of a vehicle." EPIC filed a "friend of the court" brief in a similar case before the Supreme Court in 2004. In Hiibel v. Sixth Judicial District, the Supreme Court narrowly upheld a state identification law for the driver of a vehicle. EPIC argued in Hiibel that "A name is now no longer a simple identifier: it is the key to a vast, cross-referenced system of public and private databases, which lay bare the most intimate features of an individual's life." EPIC also filed amicus brief in Watchtower Bible v. Stratton, concerning the right of anonymity. In that case the Supreme Court ruled that an ordinance requiring door-to-door petitioners to obtain a permit and identify themselves violated the First Amendment. (Jan. 22, 2019)

  • EPIC is seeking a preliminary injunction to block the Census Bureau from adding a question about citizenship to the 2020 Census. EPIC alleges that the Census Bureau failed to complete privacy impact assessments, required by law, before it abruptly added the question to the census last year. EPIC explained that the "extraordinary reach of the Bureau into the private lives of Americans brings with it extraordinary risks to privacy." A federal court in New York recently blocked the citizenship question, but the Census Bureau has appealed that decision. EPIC filed an amicus brief in the New York case and has long advocated for robust protections for census data. EPIC has also filed numerous successful lawsuits to require privacy impact assessments, including EPIC's lawsuit that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. (Jan. 18, 2019)

  • In a letter to the Federal Trade Commission, Senators Ed Markey and Richard Blumenthal pushed the Commission to take swift action against Facebook, despite the government shutdown. "While we have repeatedly expressed concerns about the pace of this investigation, we fear that the current government shutdown further threatens the FTC's ability to complete this investigation," the Senators wrote. "When Americans' privacy is breached, they deserve a speedy and effective response." The letter comes nearly ten months after the FTC announced it would reopen an investigation into Facebook after EPIC's urging. Since then, EPIC has urged the Commission to act and has repeatedly highlighted Facebook's violations of the 2011 consent order in statements to Congress. The 2011 consent order followed an extensive complaint filed by EPIC and a coalition of consumer privacy organizations in 2009. (Jan. 18, 2019)

  • EPIC joined 16 organizations in support of a “A Framework for Privacy Protection in the United States." The consumer groups outlined a new approach to privacy protection: (1) enact baseline federal legislation; (2) enforce fair information practices; (3) establish a data protection agency; (4) ensure robust enforcement; (5) establish algorithmic governance; (6) prohibit “take it or leave it” terms; (7) promote privacy innovation; and (8) limit government access to personal data. The consumer framework states that the Federal Trade Commission has failed to enforce the orders it has established. "The US needs a federal agency focused on privacy protection, compliance with data protection obligations, and emerging privacy challenges.” [Press Release] (Jan. 17, 2019)

  • During the nomination hearing for the next Attorney General, Senator Leahy asked Mr. Barr whether the Supreme Court's recent decision in the Carpenter case affected his views on privacy. "You had said that a person has no Fourth Amendment right to these records left in the hands of third parties—the third-party doctrine—which seems to be undercut by Carpenter," observed Senator Leahy. Barr responded, somewhat surprisingly, that he had "not read that decision" but "it may modify [his] views." Senator Leahy said he would expect an answer from the nominee to a written question. EPIC filed an amicus brief in Carpenter. The Supreme Court ruled that the Fourth Amendment protects location records stored by telephone companies. (Jan. 15, 2019)

  • A federal judge has ruled that the Secretary of Commerce's decision to add the citizenship question to 2020 Census was unlawful. EPIC filed an amicus brief in the case, arguing that "history has shown that personal data, collected by the government through the census, can threaten individual rights." EPIC has also sued the Department of Commerce (EPIC v. Commerce) because the agency failed to complete a Privacy Impact Assessment prior to collecting citizenship data. A 2004 EPIC FOIA lawsuit revealed that the Census Bureau provided DHS with data on Arab Americans after 9-11, leading the Census Bureau to revise its "sensitive data" policy for transfers to law enforcement and intelligence agencies. (Jan. 15, 2019)

  • This week the Senate Judiciary Committee will begin hearings on the nomination of William Barr for Attorney General. In a statement to the Committee, EPIC warned that "Mr. Barr has consistently supported warrantless surveillance of the American people." EPIC pointed to Barr's previous Congressional testimony where he stated that FISA is "too restrictive" and that Americans have no Fourth Amendment right in records held by third parties. EPIC recommended that the Department of Justice work with Congress to update federal wiretap laws after the Supreme Court's decision in Carpenter, improve reporting on surveillance orders, and protect consumers in cases before the Supreme Court. (Jan. 14, 2019)

  • A key House panel requested an emergency briefing from the Federal Communications Commission to determine why the agency has not prevented wireless carriers from selling consumers' location data. The request followed reports that wireless providers sell location data to third parties, despite pledging to not do so after investigations last year. In 2007, EPIC urged the FCC to establish privacy safeguards for location data. And in 2010 EPIC wrote to the House Commerce Committee that "Locational privacy concerns are substantial and growing more severe." EPIC also filed a friend of the court brief in 2017 in the landmark location privacy case, Carpenter v. United States. A recent article by EPIC President Marc Rotenberg, for the American Constitution Society, sets out recommendations for Congress after the Carpenter decision. (Jan. 14, 2019)

  • EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone. (Jan. 11, 2019)

  • The Supreme Court agreed today to hear two cases of interest to privacy and open government advocates. One case concerns the withholding of "confidential" information requested under the Freedom of Information Act. EPIC recently sued the Federal Trade Commission for information about Facebook's privacy practices, but the FTC has claimed the records are confidential and therefore should not be released. The second case, Mitchell v. Wisconsin, concerns a state law that permits law enforcement officers to draw blood from unconscious motorists without a warrant. EPIC routinely participates as amicus in Supreme Court cases concerning open government and privacy issues. Both cases are expected to be decided by the end of the Court's term in June. (Jan. 11, 2019)

  • The opinion of a key adviser to the Europe's top court finds that that the "right to be forgotten" need not be applied worldwide. Google v. Commission nationale de l'informatique et des liberté follows a ruling in Google v. Spain that Europeans have a right, in some circumstances, to remove links to their personal data posted online by Google. The advocate general said that while Europeans are entitled to have private information delisted in the EU, search engines do not have to remove links from view in foreign domains even though they make the personal data available in those domains for commercial benefit. EPIC has supported the CNIL's approach instead, contending "the right to privacy is global." The European Court of Justice will now decide whether to adopt the opinion from the Advocate General. EPIC published "The Right to be Forgotten on the Internet: Google v. Spain" an account of the case by former Spanish Privacy Commissioner and EPIC Champion of Freedom Professor Artemi Rallo. (Jan. 11, 2019)

  • As part of a routine review, EPIC asked the United Nations Human Rights Committee to question the US about the failure to protect individuals against privacy violations by private industry. This year the Committee will review US compliance with human rights obligations under the International Covenant on Civil and Political Rights. EPIC explained that countries "have a duty to protect individuals against human rights violations by non-state actors," and pointed to Article 17 in the international agreement. "Despite record-breaking data breaches, identity theft, and extensive corporate surveillance, the U.S still lacks both comprehensive privacy legislation and a data protection authority," EPIC concluded. The EPIC 2018 Privacy Law Sourcebook provides a comprehensive overview of privacy laws in the US and around the world. (Jan. 10, 2019)

  • Newly released emails from the Bush Whitehouse reveal that Brett Kavanaugh and John Yoo, architect of the warrantless surveillance program, exchanges several messages about warrantless surveillance programs in the fall of 2001. The release follows EPIC's FOIA lawsuit for Justice Kavanaugh's records from when his nomination was before the United States Senate. The new records show that there were multiple emails about the warrantless surveillance program that was eventually overturned by the US Congress. The emails also reference a signing statement—likely for the 2001 authorization of military force — and a discussion thread "FISA [Foreign Intelligence Surveillance Act] letter." The agency previously identified several hundred e-mails about surveillance programs that Kavanaugh authored. But the text of many emails was withheld in full, leaving open questions about Kavanaugh's role in the post-9/11 surveillance programs. (Jan. 10, 2019)

  • A federal appeals court heard oral arguments in a case about whether a dating app is liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that the relevant law was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues. (Jan. 9, 2019)

  • The European Commission's Expert Group on Artificial Intelligence has requested comments on draft Guidelines for Trustworthy AI. The EU Guidelines state, "Trustworthy AI has two components: (1) it should respect fundamental rights, applicable regulation and core principles and values, ensuring an 'ethical purpose' and (2) it should be technically robust and reliable since, even with good intentions, a lack of technological mastery can cause unintentional harm." The EU Guidelines reflect several principles from the Universal Guidelines for Artificial Intelligence, which have been endorsed by more than 250 experts and 60 organizations in 40 countries. The Universal Guidelines promote transparency, accuracy, and fairness for AI systems. Comments to the European Commission are due January 18, 2019. The final report will be released in March 2019. (Jan. 9, 2019)

  • In comments to the FTC, EPIC recommended free credit monitoring for all consumers. The agency will require free credit monitoring for all active service members, following legislation enacted last year. EPIC said the FTC should urge Congress to extend free credit monitoring services. The statute includes several pro-consumer measures that EPIC favored: it (1) requires consumer reporting agencies to provide a consumer with free "credit freezes" that limit third party access to personal data, (2) establishes clear provisions for these freezes, and (3) creates new protections for the credit records of minors. In testimony before the Senate and House following the Equifax data breach, EPIC recommended credit freezes and free credit monitoring services. (Jan. 9, 2019)

  • In comments to the Federal Aviation Administration, EPIC praised the agency for inviting public input on technology that exposes aircraft control networks to remote hacking. EPIC previously warned the FAA that, "hackers can exploit weaknesses in drone software to gain control of a drone's movement and other features." EPIC has also called attention to the potential for connected cars and Internet of Things devices to be hacked. EPIC recommended that the FAA routinely report on the growing risks of cyber attack. (Jan. 8, 2019)

  • The National Archives has released thousands of emails Justice Kavanaugh sent between January 2001 and July 2003 while working in the White House Counsel's office. The release includes hundreds of emails concerning controversial White House surveillance programs the Archives previously identified in response to EPIC's lawsuit. In October, the National Archives revealed that Kavanaugh sent 11 e-mails to John Yoo, the architect of warrantless wiretapping; 227 e-mails about "surveillance" programs and the "Patriot Act;" and 119 e-mails concerning "CAPPS II" (passenger profiling), "Fusion Centers" (government surveillance centers), and the Privacy Act. Subsequent searches revealed thousands more emails sent to Kavanaugh about mass surveillance programs. (Jan. 7, 2019)

  • The Supreme Court has let stand an adverse lower court ruling in EPIC's case about state voter data. EPIC filed suit against the Presidential Election Commission in 2017 to halt the collection of state voter data. As a result of EPIC's case, the Commission suspended data collection, discontinued the use of an unsafe computer server, and deleted the state voter data it wrongly acquired. And the Commission was terminated last year. However, a lower court ruled that EPIC, at the time it brought the case, was limited in its ability to pursue certain claims. EPIC asked the Supreme Court to review that decision and the fact the demise of the Commission made it impossible for EPIC to challenge the ruling. But the Court left the ruling unchanged. EPIC's case in the Supreme Court is EPIC v. Commission, No. 18-267. (Jan. 7, 2019)

  • Despite comments from EPIC and others, Customs and Border Protection will collect social media information from Americans and place that data outside legal protections provided by the Privacy Act. EPIC proposed opposed the collection of personal data and said that CBP should narrow the Privacy Act exemptions. The agency responded briefly to public comments, failing to defend the agency's decision. In a related FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. (Jan. 3, 2019)

  • A federal court has blocked a New York City law requiring home-sharing platforms to disclose detailed personal information about users, ruling that the ordinance violates the Fourth Amendment. The law would have required companies such as Airbnb to disclose the names, contact information, financial data, and rental histories of hosts, even when no unlawful conduct was suspected. "An attempt by a municipality in an era before electronic data storage to compel an entire industry monthly to copy and produce its records as to all local customers would have been unthinkable under the Fourth Amendment," the court wrote. The court followed a Supreme Court case Los Angeles v. Patel, which prohibited the warrantless searches of hotel records. EPIC filed an amicus brief in Patel. The federal court also cited Carpenter v. United States, Byrd v. United States, Riley v. California, and United States v. Jones, Supreme Court cases in which EPIC also filed amicus briefs. The decision in Airbnb v. New York also has implications for the data collection practices of so-called Smart Cities. (Jan. 3, 2019)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.