An effort led by Senator Patrick Leahy (D-VT) to pass the USA FREEDOM Act failed on a narrow procedural vote last night. The FREEDOM Act would have ended the NSA's bulk collection of US telephone records. The bill would also improve oversight and accountability of the Foreign Intelligence Surveillance Act. Last year, EPIC petitioned the Supreme Court to suspend the bulk collection of Americans' telephone records. EPIC's petition was supported by dozens of legal scholars and former members of the Church Committee. EPIC also testified in Congress in support of improved reporting for domestic surveillance activities. For more information, see EPIC: Foreign Intelligence Surveillance Act Reform and In re EPIC.
The Federal Trade Commission settled charges today that TRUSTe, a company that provides privacy certifications for online businesses including children's privacy and the US-EU Safe Harbor program, deceived consumers through its privacy seal program. The FTC charged TRUSTe with failure to conduct re-certifications for companies that displayed privacy seals, even though TRUSTe stated on its website that it conducted annual re-certifications. "TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge," said FTC Chairwoman Edith Ramirez. Under the consent agreement, TRUSTe is prohibited from misrepresenting its business practices to consumers. TRUSTe must also submit a detailed filing to the FTC every year, describing its COPPA recertification process and must pay a fine of $200K. In February, EPIC submitted comments to the Federal Trade Commission, urging the agency to improve pending settlements in several Safe Harbor enforcement actions, citing weaknesses in current Safe Harbor oversight. And just this month, EPIC filed a lengthy amicus brief in federal appeals court in support of the FTC's "Section 5" authority. For more information, see EPIC: FTC.
Senator Edward J. Markey (D-MA) has sent detailed questions to Attorney General Holder about recent reports that law enforcement agencies have deployed aircraft equipped with cell tower simulators to capture mobile phone communication. The devices, known as "IMSI catchers" or "Stingray," identify and track cell phone users. Senator Markey wrote "the sweeping nature of this program and likely collection of sensitive records...raise important questions about how the Department protects the privacy of Americans" with no connection to unlawful activities. EPIC successfully sued the FBI to obtain documents about the agency's use of Stingray devices. EPIC has also filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking is a search under the Fourth Amendment and should only be conducted with a judicial warrant. For more information, see EPIC: Locational Privacy and EPIC v. FBI (Stingray).
EPIC, joined by thirty-three technical experts and legal scholars, has filed an amicus brief in support of the Federal Trade Commission's authority to establish data security standards. EPIC described the extent of the data security risks in the United States, the important role of the FTC, and the danger of removing FTC authority to safeguard consumer data. EPIC said, "The FTC's authority to regulate business practices impacting consumer privacy is well established, the problem is obvious, and the agency has a clear record of success." EPIC cited 50 successful enforcement actions against companies that failed to safeguard customer data. EPIC also detailed the ongoing risks of identity theft and financial fraud facing American consumers. EPIC warned, "Removing the FTC's authority to regulate data security would be to bring dynamite to the dam." For more information, see EPIC: FTC v. Wyndham, EPIC: EPIC Amicus Curiae Briefs.
Senator Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, has urged swift passage of the USA FREEDOM Act, which would end the government's dragnet collection of telephone records. The bipartisan bill, which Senator Leahy introduced in July, would also improve oversight accountability for domestic surveillance activities. It has broad bipartisan support among the Intelligence Community, the technology industry, and privacy advocates. Senator Leahy said "Congress should pass the bipartisan USA FREEDOM Act without delay." Last year EPIC petitioned the US Supreme Court to end the NSA bulk record collection program. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. For more information, see EPIC: In re EPIC - NSA Telephone Record Surveillance.
Speaking at a conference in Brussels, "Toward a European Marco Civil," EPIC President Marc Rotenberg expressed support for The Declaration of Human Rights, an initiative of the Italian government led by Constitutional scholar Stefano Rodotà. Rotenberg said, "We must protect the political rights of Internet users, not simply the business models of Internet companies." The event was organized by the Fundamental Rights European Experts ("FREE") Group with the support of the Friedrich Eber Stiftung. For more information, see Civil Society Seoul Declaration and Madrid Privacy Declaration.
According to the Pew Research Report "Public Perceptions of Privacy and Security in the Post-Snowden Era," most users of social media are very concerned about businesses and government accessing their personal data. 80% of adults "agree" or "strongly agree" that Americans should be concerned about the government's monitoring of phone calls and internet communications. 64% believe there should be more regulation of advertisers. Almost all users rank their social security number as the most sensitive piece of personal data. EPIC has asked the House Committee on Homeland Security to suspend a DHS program that is monitoring social networks and media organizations. EPIC has recommended that the FTC to establish privacy protections for online advertising. EPIC has also urged the US Congress over many years to limit the use of the Social Security Number for commercial purposes. For more information, see EPIC: Public Opinion on Privacy, EPIC: Facebook Privacy, EPIC: Social Media Monitoring, and EPIC: Social Security Numbers.
In a speech delivered at Stanford University, National Security Agency director Michael Rogers announced that the NSA will no longer stockpile "zero-day exploits", software glitches that could facilitate cyber espionage. In the past, the NSA has kept these vulnerabilities secret for use in counterintelligence. Admiral Rogers announced, "the default setting is if we become aware of a vulnerability, we share it." By disclosing vulnerabilities, the NSA allows software developers to fix the glitches and keep the internet more secure. Admiral Rogers recognized that "'a fundamentally strong Internet is in the best interest of the U.S.'" In December 2013, the President's Review Group on Intelligence and Communications Technologies recommended that "US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks." The Review Group report contains 45 other similar recommendations that EPIC generally supports and the White House has pledged to adopt. Earlier this year, the NSA's policies on zero-day exploits came under scrutiny when an glitch known as the "Heartbleed bug" threatened to undermine SSL encryption across the entire internet. For more information, see EPIC: In re EPIC and EPIC: NSPD-54 Appeal.
EPIC has recommended that the Privacy and Civil Liberties Oversight Board prioritize Privacy Act enforcement. The Board is planning to host a conference "Defining Privacy." EPIC stated "The Privacy Act provides a sound framework for privacy protection in the United States. Government agencies within the PCLOB's purview contravene the Privacy Act's intent and pose substantial privacy risks by claiming broad exemptions from coverage under the Act. The Board must improve agency accountability by auditing programs for Privacy Act compliance and recommending expanded authorities under the Privacy Act." EPIC recently provided expert commentary at a Georgetown University Law Center conference celebrating the 40th anniversary of the Privacy Act. For more information, see EPIC: FAA v. Cooper, EPIC: Doe v. Chao, and EPIC: The Privacy Act of 1974.