Daily updates on privacy stories in the news.

FTC Sues Amazon Over Billing for Children's In-App Purchases

The FTC has filed a lawsuit alleging that "Amazon.com, Inc. has billed parents and other account holders for millions of dollars in unauthorized in-app charges incurred by children." FTC Chairwoman Edith Ramirez said, "Amazon's in-app system allowed children to incur unlimited charges on their parents' accounts without permission. Even Amazon's own employees recognized the serious problem its process created." The FTC recently settled similar charges with Apple. In that case, the FTC charged Apple with "billing consumers for millions of dollars of charges incurred by children in kids' mobile apps without their parents' consent." Under the terms of the settlement, Apple must provide a refund for affected consumers and must change its billing practices to ensure that it has obtained express, informed consent from consumers before charging them for items sold in mobile apps. Previously, EPIC filed a complaint with the FTC over Amazon's collection of children's data. EPIC explained that Amazon was violating the Children's Online Privacy Protection Act by allowing children to post content, including personally identifiable information, without their parents' permission. EPIC currently has several complaints pending with the FTC. For more information, see EPIC: FTC.

EPIC Defends FOIA Victory in Federal Appeals Court

EPIC has filed a brief in response to an appeal by the Department of Justice in EPIC v. DHS, concerning the government policy to disrupt cellular networks. EPIC won a major FOIA victory when a federal district court ruled that the DHS could not withhold "SOP 303," a government procedure to shut down cellular phone service. EPIC sought the policy after authorities shut down cell phone service at a peaceful protest in San Francisco. The government argued it did not need to release the document to EPIC because it was a "law enforcement technique" and because it would endanger the physical safety of an individual. The federal court rejected those arguments and ordered that the document be disclosed to EPIC, pending a decision on the appeal. For more details, see EPIC v. DHS—SOP 303.

EPIC Challenges Facebook's Manipulation of Users, Files FTC Complaint

EPIC has filed a formal complaint with the Federal Trade Commission concerning Facebook's manipulation of users' News Feeds for psychological research. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has charged that the study violates a privacy consent order and is a deceptive trade practice. In 2012, Facebook subjected 700,000 users to an "emotional" test with the manipulation of News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In the complaint, EPIC explained that Facebook's misuse of data is a deceptive practice subject to FTC enforcement. Facebook is also currently under a 20-year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.

Congress May Cut Funding For Surveillance Blimps Over DC

The Department of the Army is seeking $54 million to fund the Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System, or JLENS. The request is part of the Fiscal Year 2015 Defense Budget that Congress is currently considering. The system consists of long-range surveillance technologies and targeting capabilities including HELLFIRE missiles. JLENS was originally deployed in war zones in Iraq and Afghanistan. The Army wants to test the system in Washington, DC, but the program has come under scrutiny by Congress because of cost overruns. EPIC recently filed a Freedom of Information lawsuit against the Army, seeking more information about the JLENS program. For more information, see EPIC: EPIC v. Army - Surveillance Blimps.

Privacy Panel Backs PRISM Program

In a surprising report, the US Privacy and Civil Liberties Oversight Board has endorsed the US government's routine collection of the Internet activities of non-US persons, broadly referred to as the "PRISM Program." The NSA obtains this information from Internet companies located in the United States. The Board cited the value of the program and compliance with the law, but said little about the impact on non-US persons. EPIC opposed a similar program concerning the collection of domestic telephone records in a petition to the US Supreme Court last year. EPIC has also said that the collection of communications by the US should be subject to international privacy law, such as the International Covenant on Civil and Political Rights. It is anticipated that foreign countries will continue to transfer cloud-based services away from US firms because of the lax privacy safeguards in the United States. For more information, see EPIC: In re EPIC and EPIC: International Privacy Standards.

FTC Releases 2014 Data Security Update, But Enforcement Questions Remain

The Federal Trade Commission has released the 2014 Privacy and Data Security Update. The report is "an overview of the FTC's enforcement, policy initiatives, and consumer outreach and business guidance in the areas of privacy and data security." In the report, the FTC explains that "If a company violates an FTC order, the FTC can seek civil monetary penalties for the violations." However, the FTC has consistently failed to enforce consent orders with Google, Facebook, and other companies that have engaged in unfair or deceptive trade practices. The Commission has also failed to modify proposed settlement agreements after seeking public comment. For more information, see EPIC: FTC, EPIC: Facebook Privacy, and EPIC: In re: Google Buzz.

Attorney General Supports Privacy Act Protections for E.U. Citizens

Speaking in Athens at a meeting between US and EU officials, Attorney General Eric Holder announced that the Obama Administration will work with Congress to extend Privacy Act protections to E.U. citizens. Mr. Holder stated, "the Obama Administration is committed to seeking legislation that would ensure that...EU citizens would have the same right to seek judicial redress for intentional or willful disclosures of protected information, and for refusal to grant access or to rectify any errors in that information, as would a U.S. citizen under the Privacy Act." EPIC has previously recommended that Privacy Act safeguards be extended to non-US persons. In 2012, EPIC also urged Congress to update the Privacy Act. In 2011, EPIC filed a "friend of the court" brief in the Supreme Court, arguing that the Privacy Act provides damages for mental and emotional harm. EPIC routinely submits comments to federal agencies, urging enforcement of Privacy Act protections. For more information, see EPIC: The Privacy Act of 1974 and EPIC: FAA v. Cooper.

FAA, Park Service Ground Drones, Cite Safety Concerns

The Federal Aviation Administration released a proposed Special Rule for Model Aircraft which will prohibit the use of drones for the delivery of packages and other commercial services. At the end of last year, Amazon had raised the prospect of delivering packages via drones. The agency has requested comments on the proposal. A recent Washington Post series highlighted numerous close encounters between commercial aircraft and small drones, as well as many incidents where drones fell from the sky. The National Park Service has prohibited the use of drones in national parks, citing safety concerns. Last year, EPIC urged the Federal Aviation Administration to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

Supreme Court Rejects Google's Street View Appeal

The U.S. Supreme Court has denied a petition from Google to reverse the decision in the Google Street View case. In Joffe v. Google, Internet users sued Google for intercepting private communications, including passwords, medical records, and financial information, of millions of users across the country. EPIC filed a friend of the court brief in support of Internet users, arguing that Wi-Fi communications are not "readily accessible to the general public," and that companies should not intercept communications of private residential networks. The Ninth Circuit agreed and found that the wiretap exception for access to "radio communications" does not apply to Wi-Fi networks. More than twelve countries have investigated Google for its collection of private Wi-Fi data, and at least nine countries have found that Google violated their national wiretap laws. For more information, see EPIC: Joffe v. Google and EPIC: Investigations of Google Street View.