Daily updates on privacy stories in the news.

Defend Privacy. Support EPIC.

EPIC Prevails in "Stingray" Case Against FBI

EPIC has obtained nearly $30,000 in litigation fees as a result of a Freedom of Information Act case against the FBI concerning a new surveillance technology. EPIC's lawsuit produced the release of more than 4,000 pages of documents about a phony cell tower technique called "Stingray." The documents obtained by EPIC revealed that the FBI used the devices to monitor cell phones without a warrant, and provided Stingrays to other law enforcement agencies. Following objections by Senator Grassley, the FBI restricted Stingray use. In EPIC v. FBI, No. 12-667, the Federal District Court awarded EPIC nearly all of the attorneys' fees requested.

FAA Ignores Privacy Concerns in Public Rulemaking on Commercial Drones

The Federal Aviation Administration announced a public rulemaking for the integration of small commercial drones into the National airspace. The rules will establish safety procedures but will not address privacy concerns. The agency stated that privacy "issues are beyond the scope of this rule making." EPIC and 100+ organizations, experts, and members of the public petitioned the FAA to conduct a public rulemaking on the privacy impact of domestic drone use. Several members of Congress, including Senator Markey and Senator Paul have urged the establishment of privacy laws before surveillance drones are deployed in the United States.

President Orders Federal Agencies to Adopt Privacy Rules for Drone Use, FAA Proposes Weak Rules for Commercial Users

The President has issued a new Executive Order requiring all federal agencies to adopt privacy rules for drone use. The Order is intended to limit the collection and use of personally identifiable information. The rules will also require agencies to adopt transparency and accountability procedures for drone use. The Order incorporates recommendations made by EPIC in testimony to Congress and comments to several federal agencies. The Federal Aviation Administration has also proposed new regulations for commercial drone use in the United States. These rules will establish safety procedures for drone use, including maximum height, weight and line-of-sight operation, but the rules do not address the privacy impact of commercial drone use. EPIC petitioned the FAA to establish clear privacy rules for commercial drone operators.

Executive Order Calls for More Cybersecurity Info "Sharing"

President Obama announced today an Executive Order to promote collaboration between the private sector and the government to counter cyber threats. The Order encourages the companies to disclose user data to the federal government outside any judicial process. The Order also promotes compliance with Fair Information Practices and adoption of such Privacy Enhancing Techniques as data minimization. The Executive Order is one of several cybersecurity initiatives announced by the President. In EPIC v. NSA, after a five-year court battle, EPIC obtained National Security Presidential Directive 54 which revealed the NSA's role in domestic cyber security.

EPIC Urges House to Safeguard Student Privacy

EPIC has sent a statement to a House Committee in advance of the Committee's hearing on "How Emerging Technology Affects Student Privacy." EPIC urged the Committee to "pursue effective measures that meaningfully safeguard student data," including adoption of the Student Privacy Bill of Rights, privacy enhancing techniques, and a private right of action against companies that unlawfully disclose student data. Last month, President Obama proposed legislation to "ensure that data collected in the educational context is used only for educational purposes." EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy.

EPIC Urges UN to Support Secure, Anonymous Communications

In a letter to the UN Special Rapporteur, David Kaye, EPIC urged the UN Human Rights Committee to support the use of encryption and anonymity in digital communications. The UN Special Rapporteur is studying encryption and anonymity for a report due to the UN Human Rights Council later this year. Citing extensive work over many years in support of the freedom the use encryption and the fundamental right of anonymity, EPIC stated, "In our modern age, encryption is the key technique and anonymity is the core legal right that protects the right to privacy." Last year, EPIC and others urged NIST to adopt "secure and resilient encryption standards, free from back doors or other known vulnerabilities."

In EPIC v. DHS, DC Circuit Backs Agency Secrecy on "Internet Kill Switch"

The federal court of appeals based in Washington, DC has ruled that the Department of Homeland Security may withhold from the public a secret procedure for shutting down cell phone service. EPIC pursued the DHS policy after government officials in San Francisco disabled cell phone service during a peaceful protest in 2011. EPIC sued DHS when the agency failed to release the criteria for network shutdowns. A federal judge ruled in EPIC's favor. On appeal, the D.C. Circuit held for the DHS but said that the agency might still be required to disclose some portions of the protocol.

Senator Markey Report Warns of Risks with "Connected Cars"

A report from Senator Edward Markey (D-MA) finds lax privacy practices at leading auto manufacturers. The Senator said the safeguards in the auto industry for data collection are "inconsistent" and "haphazard." The investigation also revealed, "automobile manufacturers collect large amounts of data on driving history and vehicle performance." Senator Markey has called on the Department of Transportation and the Federal Trade Commission to issue rules to protect driver privacy and security. EPIC has urged the Department of Transportation to protect driver privacy. EPIC has written extensively on interconnected devices, including cars, known as the "Internet of Things" and said also that "cars should not spy on drivers."

UK Privacy Groups Prevail in GCHQ Spying Case

A British court that oversees intelligence gathering has ruled that GCHQ, the British spy agency, violated international human rights law with the mass collection of cellphone and Internet data. Last year, the same court ruled that data could lawfully be transferred between US and UK intelligence agencies. That earlier decision is on appeal to the European Court of Human Rights in Strasbourg. In 2013, following the disclosure of the "Verizon order," which authorized the NSA's routine collection of US telephone records, EPIC brought a petition to the US Supreme Court, arguing that the agency practice exceeded the "Section 215" authority. Dozens of legal scholars and former members of the Church Committee supported the EPIC petition.