Daily updates on privacy stories in the news.

Defend Privacy. Support EPIC.

FTC Reaches Settlement with Customer Tracking Technology Firm Over Privacy Violations

The Federal Trade Commission announced a settlement with the firm Nomi, whose sensors recorded the physical location of customers in stores using their mobile devices' MAC addresses. Nomi's privacy policy stated that customers would be able to opt out of tracking, however, customers were not informed when they were being tracked. The settlement agreement will prohibit Nomi from deceiving consumers in their privacy policies. EPIC supports the use of privacy enhancing technologies to protect consumers from tracking, including the adoption of randomized MAC addresses that prevent persistent identification.

Senator McConnell Seeks Renewal of NSA Bulk Collection Program

Senate majority leader Mitch McConnell has introduced a bill that would extend the Patriot Act until 2020. Specifically, S. 1035 would renew the controversial Section 215 authorities for the NSA's telephone record collection program. The 215 authority is set to expire on June 1. EPIC urged the President and the Attorney General not to renew the 215 order after it became clear that the NSA routinely collected the telephone records of US citizens. EPIC previously petitioned the Supreme Court to suspend the program, arguing that the NSA program exceeded the section 215 legal authority.

Open Government Groups Oppose Cyber Security Bills

A broad coalition of organizations now oppose cybersecurity bills currently before Congress. The groups warn that the measures will increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance. Many have described the cyber security bills as "cyber surveillance" measures. Last year, EPIC won a five-year court battle against the NSA for NSPD 54-the foundational legal document for U.S. cybersecurity policies. The Directive reveals the NSA's interest in enlisting companies to monitor user activity in the United States.

Congress Proposes Bipartisan Student Privacy Bill

The House Education and Workforce Committee has proposed a discussion draft amending the Family Educational Rights and Privacy Act, a federal student privacy law. The draft recommends ways to strengthen the law, including: (1) protecting student data maintained by private companies; (2) shorter wait times for students to access their records; (3) permitting students to opt out of disclosing their data for certain research studies; (4) mandatory data security for schools; (5) written agreements detailing obligations of third parties receiving student data; (6) enhanced enforcement mechanisms; and (7) narrowing exceptions under which schools may disclose student data without consent.

Privacy Groups Appeal UK Surveillance Decision

Human rights organizations have appealed a judgment concerning GCHQ spying to the European Court of Human Rights. Liberty first challenged the GHCQ in case before the UK Investigative Powers Tribunal. The Tribunal ruled in December that the GCHQ complied Article 8 of the European Convention on Human Rights, but in February 2015 the Tribunal held that the oversight rules were not made accessible to the public as required by Article 8.

Beckstrom, Bryant and Strossen Join EPIC Advisory Board, Chip Pitts Named Chair

EPIC has announced the 2015 members of the EPIC Advisory Board. They are Rod Beckstrom, former CEO and President of ICANN, Kimberly Bryant, founder of Black Girls Code, and Nadine Strossen, professor at New York Law School and former President of the ACLU. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Human rights attorney and expert in corporate social responsibility Chip Pitts was also voted EPIC Board Chair.

Supreme Court Limits Traffic Stop Searches

The Supreme Court issued its opinion today in Rodriguez v. United States, a Fourth Amendment case involving the use of a drug-detection dog during a traffic stop. The Court found that it was unlawful for a police officer to detain a driver for the sole purpose of conducting a "sniff" test after the traffic stop was completed. The Supreme Court rejected the Government's argument that extending the stop to wait for a dog to search for drugs was "only a de minimis" intrusion of Fourth Amendment rights. EPIC previously filed an amicus brief in Florida v. Harris, a similar case before the Supreme Court concerning the use of canines for drug detection, arguing that the Fourth Amendment requires routine testing of investigatory techniques to assess reliability and establish reasonableness.

NGOs Urge European Commission to Uphold Privacy

EPIC has joined a coalition of over sixty NGOs from around the world in a letter to President Juncker of the European Commission, urging him to uphold robust data protection standards. The institutions of the European Union are currently negotiating the new General Data Protection Regulation. The European Commission previously promised that the Data Protection Regulation would be at least as strong as the 1995 Directive it replaces. In 2012, EPIC spoke before the European Parliament on "The Reform of the EU Data Protection Framework-Building Trust in a Digital and Global World."

NIST Seeks Comments on De-identification Report

The National Institute of Standards and Technology has released a draft report on "De-Identification of Personally Identifiable Information." The agency is requesting comments by May 15. The NIST report reviews de-identification techniques and research, including work by EPIC Advisory Board members Cynthia Dwork and Latanya Sweeney. Last year, in response to a similar request for comments, EPIC recommended Privacy Enhancing Technologies that "minimize or eliminate the collection of personally identifiable information." EPIC also expressed support for Fair Information Practices and the Consumer Privacy Bill of Rights.