On February 16, 2012, the House Committee on Homeland Security will hold a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." The hearing was called after EPIC obtained nearly 300 pages of documents, as a result of a Freedom of Information Act lawsuit, detailing the Department of Homeland Security's monitoring of social networks and media organizations. The documents included guidelines from DHS instructing General Dynamics to monitor for media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring.
In response to growing concern about the impact of Google's proposed policy change on user privacy and cloud-computing services, the company said that its planned privacy changes will not apply to US federal agencies. A report from Safegov.org "Google’s New Privacy Policy Is Unacceptable and Jeopardizes Government Information in the Cloud" recommended that "Google immediately suspend the application of its new privacy policy to Google Apps For Government users." Google told POLITICO's Morning Tech "cloud contracts are crafted with 'narrow, specific obligations' on how data can be used and stored. And those data requirements in the cloud contracts trump the company's standard privacy policy."
Leading privacy officials in Europe have asked Google "for a pause" in the company's planned consolidation of user data "in the interests of ensuring that there can be no misunderstanding about Google's commitments to the information rights of their users and EU citizens. . ." EU Commissioner Vivian Reding (@VivianeRedingEU) has expressed support, tweeting "Good that Europe's data protection authorities are ensuring @Google's new privacy policy complies with EU law." EPIC has urged the United States to begin the process of ratification of Council of Europe Privacy Convention, which would establish global standards for privacy protection.
EPIC has filed a Freedom of Information Act request with the Federal Trade Commission for the Privacy Report that Google was recently required to submit to the agency. The Commission had previously investigated Google after EPIC filed a complaint regarding Google's Buzz product, which transformed private user contacts into publicly available social network data. Last fall the Commission reached a settlement with Google and, as a result, the company is subject to a consent order that requires it to file regular reports with the Commission. EPIC has requested that Google's first report, filed on January 26, 2012, be released to the public. Because of Google's plan to change its business practice on March 1, 2012, EPIC has asked the FTC to expedite the disclosure of the report. For more information see EPIC: In re Google Buzz.
In detailed comments to the Federal Trade Commission, EPIC today recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. EPIC said that facial recognition is often used by strangers to determine a person's actual identity and that this poses a risk to privacy and personal security. EPIC also noted that some companies have adopted techniques that are more favorable to privacy as they allow users to control the image database while others undermine privacy, as the image database is centrally maintained. EPIC previously submitted a complaint to the FTC about Facebook's use of facial recognition technology to build a secret database of users' biometric data and allowing the company to automatically tag users in photos. The comments follow an FTC workshop exploring the privacy and security issues raised of facial recognition technology. For more information, see EPIC: Federal Trade Commission, EPIC: Face Recognition, and EPIC: Facebook and Face Recognition.
At a hearing before the Senate Judiciary Committee, EPIC Executive Director Marc Rotenberg is expected to make several recommendations to Congress about how to update and modernize the Video Privacy Protection Act, a law passed by Congress in 1988. Among the changes recommended, EPIC will propose that Congress make clear that the law covers all video service providers (including Netflix), allow users to inspect the information that video providers collect about them as well as the algorithms that are used to recommend selections, treat IP addresses and user IDs as "personally identifiable information," inflation-adjust the damages provision, and require companies to encrypt the data collected on users. For more information, see EPIC Video Privacy Protection.
Speaking this week at the Computers, Privacy and Data Protection conference, EPIC President Marc Rotenberg expressed support for the Council of Europe Privacy Convention. Two years ago, twenty-nine members of the of the EPIC Advisory Board, experts in privacy law and technology, sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. They wrote, "privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all." Speaking in Brussels, Mr. Rotenberg reiterated EPIC's support for the Convention and also called attention to recent changes that modernize and update the international privacy framework.
Eight members of Congress wrote to Google asking the company to explain the "steps [that] are being taken to ensure the protection of consumers' privacy rights." The letter follows Google's announcement that it would begin combining data gathered on consumers of over 60 Google products and services, including Gmail, Google+, Youtube, and the Android mobile operating system. The members' letter includes 11 specific questions ranging from the ways in which Google collects information to the specific consequences for Android phone users. In 2010, EPIC, along with other privacy groups, wrote a letter to Google about the company's decision to combine user data among 12 Google services. The groups warned that the practical effect would be to reduce privacy protection for users of Google services. For more information, see EPIC: In re: Google Buzz and EPIC: Google search.
EPIC has given the 2012 Privacy Champion Awards to Canadian Privacy Commissioner Jennifer Stoddart and privacy technologist Christopher Soghoian. EPIC called Stoddart a "steadfast defender of privacy" and cited her work to strengthen international collaboration among privacy officials. Of Soghoian, EPIC said he is "an expert technologist dedicated to privacy," and cited his ability to combine technical know-how, legal expertise, and clever campaign tactics. EPIC Champion of Freedom press release. Stoddart acceptance speech.
