Daily updates on privacy stories in the news.

Defend Privacy. Support EPIC.

EPIC Backs Comments on Location Privacy

EPIC has joined a coalition of consumer privacy groups in comments to the Federal Communications Commission on the "Roadmap for Improving E911 Location Accuracy." EPIC and the groups explained that collecting location information without privacy protections puts customers at risk. EPIC filed similar comments with the FCC in 2007. EPIC urged the Commission to recognize that "(1) the FCC has an obligation to protect the privacy of consumer information generated by the provision of communication services; (2) current regulations do not adequately location-based information, (3) legal frameworks, notably in the European Union, provide safeguards for location data, and (4) the Commission should establish rules that limit the use of customer location-based information." EPIC has frequently advocated for express authorization prior to disclosure of "call location information." The "Roadmap" raises concerns that the location of telephone users will be routinely known to federal agencies, whether or not there is an emergency. EPIC has also filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking by the government is a search under the Fourth Amendment and should only be conducted with a judicial warrant. For more information, see EPIC: Locational Privacy.

EPIC to Argue Before DC Circuit for Release of Cell Phone Shutdown Policy

This week EPIC President Marc Rotenberg will argue EPIC v. DHS, No. 14-5013 before the US Court of Appeals for the DC Circuit. At issue is the public release of the policy - "SOP 303" - to shut down cell phone service in the United States. EPIC filed a filed a Freedom of Information Act request for the policy after government officials shut down cell phone service during a peaceful protest at BART subway stations in San Francisco. The government first contended it could not find the document, then located the document, then claimed it was exempt from disclosure. EPIC filed suit against the agency and a federal court ruled in EPIC's favor. On appeal, the government argued the decision should be reversed. EPIC responded that the decision was correct and SOP 303 should be released. The DC Circuit will hear arguments Thursday morning. For more information, see EPIC v. DHS - SOP 303.

Leahy FOIA Reform Bill Passes in Senate

The Senate has unanimously passed the Freedom of Information Improvement Act of 2014. (Outline of bill.) The bill, cosponsored by Senator Patrick Leahy (D-VT) and Senator John Cornyn (R-TX), requires Federal agencies to operate under a "presumption of openness." "The FOIA Improvement Act will help open the government to all Americans by placing an emphasis on openness and transparency, rather than allowing agencies simply to hide behind exemptions," Leahy and Cornyn said in a joint statement. The FOIA Improvement Act will also close a loophole that agencies have used to make requesters pay excessive fees, even when the agency takes years to process the request. EPIC has recommended many of these reforms, including changes to the "(b)(5)" exemption for agency memos. The bill goes next to the House for consideration. For more information, see EPIC: FOIA and FOIA.ROCKS.

EPIC Asks New Mexico Supreme Court to Limit Aerial Surveillance

EPIC filed an amicus brief in a New Mexico Supreme Court case considering the warrantless search of private property. State v. Davis concerns law enforcement surveillance in a low-flying helicopter. EPIC argued that warrantless surveillance around a person's home violates both property interests and an individual's reasonable expectation of privacy. EPIC also warned the New Mexico high court that "Drones will enable broader use of aerial surveillance by law enforcement" agencies. EPIC explained that "it will be necessary to establish privacy rights to protect against constant monitoring." EPIC previously testified before Congress in support of a drone privacy law and petitioned the FAA to establish privacy safeguards for drone use. For more information, see EPIC: State v. Davis and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

British Court Upholds Mass Surveillance by UK Spy Agency

The Investigatory Powers Tribunal, which reviews complaints of unlawful surveillance by Britain's intelligence agencies, ruled that mass collection of online communications is legal. The complaint was brought by several privacy rights groups in the UK and focused on GCHQ's electronic surveillance program, TEMPORA, and information the UK spy agency obtained through NSA's PRISM and Upstream programs. The privacy rights groups plan to appeal the decision to the European Court of Human Rights. EPIC previously challenged the NSA's mass surveillance of U.S. phone records in a 2013 petition to the Supreme Court. EPIC's petition argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered Verizon to turn over records on all of its customers to the NSA. The EPIC petition was supported by legal scholars and former members of the Church Committee. For more information, see In re EPIC and EPIC: Foreign Intelligence Surveillance Act Reform.

U.N. Urges All Countries to Protect Digital Privacy

The United Nations has adopted a resolution on "The Right to Privacy in the Digital Age" that reaffirms the rights and freedoms embodied in the Universal Declaration of Human Rights. The UN resolution highlights the risks of mass surveillance and warns that metadata "can reveal personal information and can give an insight into an individual's behavior, social relationships, private preferences and identity." Earlier this year, in a joint submission to the United Nations, the Brennan Center, EPIC, and other public interest organizations urged the Human Rights Council to review U.S. surveillance programs. The letter stated that U.S. "surveillance activities also violate the rights to privacy, freedom of expression, and the freedom of peaceful assembly and association..." guaranteed by the Universal Declaration of Human Rights. For more information, see EPIC: Council of Europe Privacy Convention and Public Voice - Madrid Declaration.

Congress Considers Bill to Strengthen Privacy Act

Congressman Gerry Connolly (D-VA-11) has introduced legislation to update the federal Privacy Act. The "Safeguarding Individual Privacy Against Government Invasion Act of 2014" would compensate individuals for non pecuniary harms after Privacy Act violations. The proposal is a response to FAA v. Cooper, a Supreme Court case holding that the Privacy Act does not cover mental and emotional damages. EPIC filed a "friend of the court" brief in that case, explaining that privacy laws routinely provide recovery for mental and emotional harm, that such damages are the most common consequence of privacy violations, and that civil remedies are necessary to ensure enforcement of the Privacy Act. Following the decision in FAA v. Cooper, EPIC set out proposals to strengthen the Privacy Act. EPIC has recently recommended that the Privacy and Civil Liberties Oversight Board prioritize Privacy Act enforcement. For more information, see EPIC: FAA v. Cooper, EPIC: Doe v. Chao, and EPIC: The Privacy Act of 1974.

Facebook Revises Privacy Policy

Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent. The use of location data has expanded dramatically. "We collect information from or about the computers, phones, or other devices where you install or access our Services," states Facebook. These include "device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals." Facebook is currently under a 20 year consent decree with the Federal Trade Commission as a consequence of a complaint brought by EPIC and coalition of consumer privacy organizations when the company changed the privacy settings of users. More recently consumer organizations in the US and Europe have objected to Facebook's decision to track the web activities of users and to profile offline purchase. Privacy groups have also objected to Facebook's manipulation of user news feeds. For more information, see EPIC: Facebook and EPIC: In re Facebook.

Pew Survey: Americans Wrongly Believe Privacy Policies Protect Privacy

According to a Pew Survey, over 50% of internet users in the U.S. believe privacy policies protect their information. The survey posed the following true/false statement, "When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users." 52% of users incorrectly answered "true." The question was based on a similar 2003 survey - which found that 57% of users believed privacy policies protected their information. In the 1999 survey on online privacy, "Surfer Beware III: Personal Privacy and the Internet", EPIC "found that the privacy policies available at many websites are typically confusing, incomplete, and inconsistent." The original EPIC survey "Surfer Beware: Personal Privacy and the Internet (1997)" was the first survey ever undertaken of Internet privacy practices. EPIC wrote at the time, "it is matter of basic fairness to inform web users when personal information is being collected and how it will be used." For more information, see EPIC: Public Opinion on Privacy.