In a speech at the Federal Trade Commission today, President Obama called for free access to credit scores. This will improve transparency for companies that profile consumers with "big data." Last year, the White House explored "Big Data and the Future of Privacy." EPIC called for "algorithmic transparency" and urged the White House to end secret profiling that limits opportunities for consumers, employees, students, and others.
Today the President announced several initiatives to help protect consumer privacy following many, many data breaches. The President will move forward the Consumer Privacy Bill of Rights, a model framework for federal consumer privacy legislation, which EPIC supported in comments to executive agencies, legislators, and the White House. The President also proposed that financial firms disclose credit scores and that Congress enact the Student Digital Privacy Act based on "Fair Information Practices."
Today the President will propose legislation to safeguard student data, to "ensure that data collected in the educational context is used only for educational purposes." The Student Digital Privacy Act, based on a landmark California statute, will prohibit companies from selling data for non-educational purposes and from using data for targeted advertising. Last year, EPIC called for a Student Privacy Bill of Rights to safeguard student information. EPIC has urged Congress and the Department of Education to strengthen student privacy.
In a letter to Senators Grassley and Leahy, EPIC has urged the Senate Judiciary Committee to investigate the FBI's "Next Generation Identification" program. NGI is the most extensive biometric database in the world and raises many privacy risks. In a recent FOIA case, EPIC v. FBI, EPIC obtained documents which show that the FBI accepted a 20% error rate for facial recognition matches. EPIC and over 30 organizations have urged Attorney General Holder to conduct a privacy assessment of NGI, but the program has since gone fully operational without the required evaluation.
In a speech at the CES conference this week, FTC Chair Edith Ramirez warned of the privacy risks of connected home devices. "In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored," Ramirez said. EPIC has written extensively on interconnected devices, known as the "Internet of Things." In comments to the FTC, EPIC described several risks, including the hidden collection of sensitive data. EPIC recommended that companies adopt Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see EPIC: FTC and EPIC: Big Data.
The Transactional Records Access Clearinghouse has released its analysis of 2014 litigation under the Freedom of Information Act. TRAC found that 422 FOIA lawsuits were filed in the past year, the highest number since 2001. Among advocacy organizations, EPIC was the third most frequent filer, with seven lawsuits filed in 2014. Several notable lawsuits were also filed by the New York Times and Vice reporter Jason Leopold. The Department of Justice was the federal agency most frequently sued, followed by the Department of Defense. For more information see: EPIC: Open Government and FOIA.ROCKS.
The DHS Office of Inspector General has released a new report on the drone surveillance program operated on the US border. The Inspector General found that the government "has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security." The report also found that Customs and Border Protection underestimated the cost of operations. The Inspector General recommends tabling any expansion of the drone surveillance program. In February 2013, EPIC petitioned the agency to suspend the border surveillance program pending the establishment of concrete privacy regulations. The petition followed an EPIC Freedom of Information Act request, which found that border drones carry advanced surveillance equipment that could intercept electronic communications and identify human targets on the ground. For more information, see EPIC: Domestic Drones and EPIC Spotlight on Surveillance: Drones - Eyes in the Sky.
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Chuck Grassley (R-Iowa) have asked Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson several questions about the government’s use of cell site simulators or “Stingray” devices to track cell phones. According to the letter, the Senators previously asked FBI Director James Comey about the FBI’s use of cell site simulators and, after two briefings with the Senators, the FBI announced a new policy that it would obtain search warrants before using the devices, subject to certain exceptions. The new letter raises questions about the broader use of cell site simulators by other law enforcement agencies and their impact on the privacy of innocent individuals. EPIC filed a lawsuit under the Freedom of Information Act in 2012, seeking information about the FBI’s use of cell site simulators and, in particular, what legal process the agency required before deploying the technology. As a result of EPIC’s lawsuit, more than 4,000 pages of partially-redacted FBI records were released to the public. For more information, see EPIC v. FBI - Stingray / Cell Site Simulator.
Facebook has modified its privacy and data use policies, effective January 1, 2015. Facebook will now allow advertisers to include a “buy” button directly on targeted advertisements on a user’s page. Facebook will also allow advertisers to use the location data gathered from tools like “Nearby Friends” and location “check-ins” to push geolocation-based targeted advertisements. For instance, a Facebook user who checks in near a restaurant that partners with Facebook may now be shown menu items from that restaurant. Last month, the Dutch data protection commission announced that it planned to open an investigation into Facebook’s policy modifications. In July 2014, EPIC and a coalition of consumer privacy groups urged the FTC to halt Facebook’s plan to collect web-browsing information from its users. Facebook is already under a 20-year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. For more information, see EPIC: Facebook Privacy and EPIC: FTC.