The House has voted to reauthorize the FISA Amendments Act (301-118). The Act authorizes programs of surveillance intended to target foreign agents, but allows collection of private communications of United States citizens without individualized suspicion. In May 2012, EPIC Executive Director Marc Rotenberg testified before the House Judiciary Committee on the legislation and recommended new oversight procedures. The Senate has yet to consider the measure. Senator Ron Wyden (D-OR) and others have expressed concern about renewal of the Act. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International USA.
EPIC has filed a reply brief with the U.S. Court of Appeals for the D.C. Circuit in the airport body scanner case. The case arises from EPIC's Mandamus Petition, seeking to enforce the Court's July 2011 order requiring the DHS to "promptly" begin notice-and-comment rulemaking. EPIC has argued that the agency's ongoing delay is "unreasonable" and that the Court should require the Secretary to begin the rule making or suspend the program. For more information, see: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Whole Body Imaging Technology.
Representative Edward Markey (D-MA) introduced "The Mobile Device Privacy Act," a bill that would require companies disclose the existence of monitoring software to consumers and obtain consent before using this software to collect personal information. The bill, H.R. 6337, would also direct the Federal Trade Commission and the Federal Communications Commission to develop rules implementing the act’s provisions. Recently, EPIC filed comments with the FCC urging the Commission to require mobile carriers to implement comprehensive fair information practices. For more information, see EPIC: Customer Proprietary Network Information and EPIC: Location Privacy.
The Federal Trade Commission has finalized the terms of a settlement with Myspace. The settlement follows from allegations that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. EPIC commented on the settlement, recommending that the FTC make the settlement at least as protective as a previous settlement with Facebook. Additionally, EPIC said, the FTC should require Myspace to implement practices consistent with the White House’s Consumer Privacy Bill of Rights. In response to EPIC’s comments, the FTC decided to accept the proposed settlement without modification but said that “the privacy program mandated under the consent order will require Myspace to address many of the consumer protections discussed in your comment.” For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy.
"Rebuilding TSA into a Smarter, Leaner Organization," a new House Report critiques the Transportation Security Administration for "failing to meet taxpayers' expectations." The report, prepared by the House Committee on Homeland Security, recommends that the TSA sponsor "an independent analysis" of the health risks of body scanners and install privacy filters on all devices. The Report cites the decision in EPIC v. DHS, pointing out that the TSA has failed to abide by the ruling of a federal appeals court to "act promptly" to receive public comments. For more information, see EPIC v. Department of Homeland Security - Full Body Scanner Radiation Risks and EPIC v. TSA - Body Scanner Modifications (ATR).
"Drones in Domestic Surveillance Operations," a new report from the the Congressional Research Service, examines current law, the Fourth Amendment, and recently introduced legislation. The CRS finds that "the prospect of drone use inside the United States raises far-reaching issues concerning the extent of government surveillance authority, the value of privacy in the digital age, and the role of Congress in reconciling these issues." In testimony before a House Subcommittee earlier this year, EPIC's Amie Stepanovich stated, "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies that need to be addressed." EPIC recommended that the FAA develop privacy rules, that DHS conduct a privacy assessment, and that Congress establish new privacy safeguards. EPIC, joined by over 100 organizations, experts, and members of the public, has also petitioned the FAA to begin a rulemaking on the privacy impact of drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.
The 6th Annual Computers, Privacy and Data Protection Conference has announced a Call for Papers. The conference will take place January 23-25, 2013, in Brussels. Both experienced and junior researchers, as well as Ph.D. candidates, are invited to submit work. The theme of the 2013 CPDP conference is “Reloading Data Protection.” Organizers are particularly interested in papers focusing on technology’s relationship to privacy, data protection, non-discrimination and surveillance. Deadline for submissions is October 19, 2012. EPIC is a participant in CPDP conferences and presents the ”EPIC International Champion of Freedom Awards” at CPDP. For more information, see EPIC Champion of Freedom Press Release, EPIC: EU Law, EPIC: Privacy.
A survey by the Pew Research Center found that the majority of mobile phone users have uninstalled or avoided apps due to privacy concerns. According to the report, 54% of mobile users have decided to not install an app after discovering the amount of information it collect, and 30% of mobile users uninstalled an app after discovering that it was collecting personal information that they didn’t wish to share. Owners of Android and iPhone devices are also equally likely to delete (or avoid entirely) cell phone apps due to concerns over their personal information. Younger cellphone users were also twice as likely as older users to report that "someone has accessed phone in a way that felt like privacy invasion." This poll follows another survey by Pew that found that users were becoming more active in managing their social media accounts. For more information, see EPIC: Public Opinion on Privacy.
In a letter to members of the European Parliament, over twenty U.S. consumer organizations expressed support for the new European data protection law. The coalition, including Consumers Union, Consumer Federation of America, and Public Citizen, said that the proposed regulation "provides important new protections for the privacy and security of consumers." The groups also explained that the European effort will raise privacy standards for consumers in other parts of the world. The European Union privacy regulation is a comprehensive update of the 1995 EU Data Protection Directive and adopts innovative new approaches to privacy protection, such as "Privacy by Design." BEUC, the association of European consumer groups, has also expressed support for the new law. For more information, see EPIC: EU Data Protection Directive.
The TSA has responded to EPIC's recent motion about the airport body scanner program. Citing the agency's extraordinary delay in seeking
public comment on the controversial program, EPIC urged the court in Washington, DC to require the TSA begin the comment process in 60 days or suspend the program. In its response to EPIC, the TSA claims that the earliest possible date it could "finalize documents" before even starting the public comment process would be "the end of February 2013." EPIC filed the motion a year after the federal agency was ordered by the D.C. Circuit Court to "promptly" begin a public rulemaking and more than three years after a coalition of organizations petitioned Secretary Napolitano to begin the rulemaking. A group of organizations, led by the Competitive Enterprise Institute, has filed an amicus brief in support of EPIC. EPIC will file a reply to the TSA on September 10. For more information, see EPIC v. DHS (Suspension of Body Scanner Program).
The D.C. Circuit Court of Appeals has invalidated a Texas law that would require voters to present a photo identification in order to vote. Calling the law “the most stringent in the country,” the court held that “record evidence suggests that [the law], if implemented, would in fact have a retrogressive effect on Hispanic and African American voters.” Therefore, the court held, the law violates section 5 of the Voting Rights Act of 1965. Section 5 requires “covered jurisdictions” to show that new voting procedures, such as Voter ID requirements, are nondiscriminatory before those changes can be put into effect. The ruling came after the Department of Justice previously blocked the law through the Section 5 preclearance process. EPIC has argued that unreasonable voter ID requirements are an impermissible burden on the right to vote. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.