Senator John Rockefeller (D-WV) is currently seeking information from ten U.S. airlines concerning how airlines safeguard consumer traveler data. Senator Rockefeller has requested information regarding: (1) the type of information airlines collect; (2) airlines' data retention periods; (3) airline privacy and security safeguards governing consumer information; (4) whether consumers may access and amend their information; (5) whether airlines sell or disclose consumer information and if so, to whom do they disclose the consumer data; and (6) how airlines inform consumers about airline privacy policies governing consumer information. EPIC routinely urges the Department of Homeland Security to provide privacy protections for air travelers and end the agency's secret "risk-based" passenger profiling. For more information, see EPIC: Air Travel Privacy, EPIC: Passenger Profiling, EPIC: Secure Flight, and EPIC: EPIC v. DHS (Suspension of Body Scanner Program).
Senator Charles Schumer has denounced the data collection practices of "activity trackers" such as FitBit. "Activity trackers" are mobile devices that record highly personal information about the wearer and constantly analyze the wearer's activities, including their diet, exercise, sleep, and even sexual habits. However, it is not clear whether federal privacy law protects this personal data from disclosure to third parties. EPIC has commented extensively on the privacy protections that are necessary in the "internet of things." EPIC has frequently pointed out the potential for misuse when companies collect data about sensitive consumer behavior. EPIC has made several recommendations to improve the privacy protections on devices such as "activity trackers," including requiring companies to adopt Privacy Enhancing Techniques, respect a consumer’s choice not to tracked, profiled, or monitored, minimize data collection, and ensure transparency in both design and operation of Internet-connected devices. For more information, see EPIC: FTC and EPIC: Practical Privacy Tools.
Documents Obtained by EPIC Lawsuit Show NSA’s Internet Metadata Program Was Sharply Criticized By FISA Judges While Congressional Oversight Lagged for Years
In a FOIA lawsuit against the Department of Justice, EPIC has obtained many documents about the NSA's Internet Metadata program. These include the Government's original FISA application seeking authorization to collect data from millions of e-mails, as well as declarations from NSA officials describing the program. The documents show that FISA Court Judge John Bates chastised the agency for "long-standing and pervasive violations of the prior [court] orders in this matter.'' The FISA Court first authorized the program in 2004, but the documents obtained by EPIC show that the legal justification was not provided to Congress until 2009. The documents also reveal that the DOJ withheld information about the program in testimony for the Senate Intelligence hearing prior to the reauthorization of the legal authority. The program was shut down in 2011 after a detailed review. For more information, see EPIC v. DOJ (FISA Pen Register) and EPIC: Foreign Intelligence Surveillance Court.
The Federal Trade Commission has responded to EPIC's letter urging the agency to oppose a collusive Google class action settlement. The agency stated that it "systematically monitors compliance" with its consumer protection orders and that it "takes alleged violation[s] of an order seriously," but that it cannot publicly disclose details of its investigations until a formal complaint is issued. In 2010, Google was sued for sharing user web browsing information with advertisers. Under the proposed settlement agreement, Google will distribute several million dollars to a handful of organizations, many of which already have ties to the company. EPIC and other privacy organizations urged the Commission to formally object because the proposed agreement "confers no monetary relief to class members, compels no change in Google's behavior, and misallocates the cy pres distribution." The agency has a history of filing objections - it filed a similar objection in Fraley v. Facebook, an unfair class action settlement in the Ninth Circuit. For more information see EPIC: FTC and EPIC: Search Engine Privacy.
EPIC has filed a Freedom of Information Act request for the Central Intelligence Agency Inspect General's report detailing the agency's surveillance of the Congressional Intelligence Committee. In March 2014, Senator Dianne Feinstein (D-CA), head of the Senate Intelligence Committee, publicly accused the CIA of secretly removing documents from the Committee, searching computers used by the Committee, and attempting to intimidate congressional investigators by requesting a Federal Bureau of Investigation inquiry of their conduct. The Committee had been investigating the CIA's torture program. After Senator Feinstein publicly accused the agency of spying, the CIA's Inspector General conducted an investigation and concluded that the agency's actions had been improper. However, the Inspector General has failed to the actual report public. EPIC has demanded a copy of the full report, as well as associated documents. For more information see: EPIC: FOIA Cases and EPIC v. CIA (Domestic Surveillance).
EPIC, along with a group of consumer privacy organizations, has asked the Federal Trade Commission to object to an unfair class action settlement in California federal court. In 2010, Google was sued for sharing user web browsing information with advertisers. Under the proposed settlement agreement, Google will distribute several million dollars to a handful of organizations, many of which already have ties to the company. EPIC and other privacy organizations have argued that the proposed agreement "confers no monetary relief to class members, compels no change in Google's behavior, and misallocates the cy pres distribution" to organizations that are "not aligned with the interests of class members and do not further the purpose of the litigation." The consumer groups, who have already written to the court opposing the settlement, urged the Federal Trade Commission to object as well. The agency filed a similar objection in Fraley v. Facebook, an unfair class action settlement in the Ninth Circuit. For more information, see EPIC: FTC and EPIC: Search Engine Privacy.
EPIC has filed a Freedom of Information Act lawsuit to obtain details about the Federal Bureau of Investigation's surveillance programs. The agency is required to conduct privacy impact assessments when it collects and uses personal data. However, the Bureau has failed to publicly release privacy impact assessments for many of its programs, including facial recognition, drones, and license plate readers. According to the E-Government Act and Justice Department guidelines, all privacy assessments should be made public if practicable. EPIC, joined by a coalition of organizations, recently urged the Attorney General to immediately conduct a privacy assessment of the FBI's Next Generation Identification (NGI) program. The NGI program collects massive amounts of biometric data on U.S. citizens. For more information, see EPIC: EPIC v. FBI - Privacy Assessments.
EPIC has filed a series of Freedom of Information Act requests for documents related to the Government's collection of private communications data under Executive Order 12333. EPIC is seeking secret policies that govern the collection of Internet data by U.S. intelligence agencies outside of the United States. Former government officials have warned that these procedures allow the government to spy on Americans in violation the Fourth Amendment. The Washington Post also reported last year that the NSA had infiltrated private communications held on servers abroad. EPIC's requests to the Attorney General, the Director of National Intelligence, the NSA and other intelligence agencies will help to shed light on these invasive programs. For more information, see EPIC: Executive order 12333.
DC Circuit Rules for EPIC in Case Against NSA, Vacates Lower Court Ruling That Secret Order Is Not Subject to FOIA
The U.S. Court of Appeals for the D.C. Circuit ruled in favor of EPIC today in a Freedom of Information Act case seeking the full text of National Security Presidential Directive 54, a previously-secret Presidential order granting the government broad authority over cybersecurity matters. EPIC successfully obtained the Directive from the NSA, and the DC Circuit has vacated the lower court’s Fall 2013 ruling that NSPD-54 was not an “agency record” subject to the FOIA. The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. EPIC has several related FOIA cases against the NSA pending in federal court. For more information, see EPIC v. NSA: NSPD-54 Appeal and EPIC: Freedom of Information Act Cases.