Landau, "A Gateway for Hackers:
The Security Threat in
the New Wiretapping Law"

EPIC Testifies Before Congress on Data Breach Bill, Urges Changes to Strengthen Act
EPIC Director Marc Rotenberg testified before Congress on the Data Accountability and Trust Act, which would require security policies for consumer information, regulate the information broker industry,  and establish a national  breach notification law. Rotenberg said "companies need to know that they will be expected to protect the data they collect and that, when they fail to do so, there will be consequences." The EPIC Director opposed the preemption of stronger state laws, and recommended the use of text messages for breach notices, and suggested that personally identifiable information be broadly defined to include any information that "identifies or could identify a particular person." To learn more about Identity Theft, see EPIC's Identity Theft page. (May 5).

DHS Seeks Nominations to the Agency's Data Privacy and Integrity Advisory Committee
The Department of Homeland Security is seeking applications for appointments to the agency's Data Privacy and Integrity Advisory Committee. The committee provides advice at the request of the Secretary of DHS and the agency's Chief Privacy Officer on privacy related matters. The agency is seeking to fill two terms that would expire in January 2012, and January 2013. Applications for the positions must be received by the agency on or before June 8, 2009. For more information, see: EPIC's Web page Spotlight on Surveillance. (May 5)

For Identity Theft Law, Supreme Court Rules that the Government Must Prove Intent to Impersonate
In a critical case for the emerging field of identity management, the Supreme Court today reversed a lower court opinion and ruled unanimously in favor of the petitioner. The Court held that individuals who provide identification numbers that are not their own, but don’t intentionally impersonate others, cannot be subject to harsh criminal punishments under federal law. The case involved a mandatory 2-year prison term, added on to a prior conviction, for presenting a fake Social Security Number to an employer. EPIC filed an amicus brief in support of the petitioner, arguing that the "unknowing use of inaccurate credentials does not constitute identity theft." For more information, see EPIC, Flores-Figueroa v. United States. (May 4)

EPIC Seeks Government Agreements with Social Networking Companies
EPIC submitted a Freedom of Information Act request to the Government Services Administration seeking agency records concerning agreements the GSA negotiated between federal agencies and social networking services, including Flickr, YouTube, Vimeo, Blip.tv, and Facebook. In the FOIA request, EPIC is asking for the public release of the contracts and any legal opinions concerning the application of the Privacy Act of 1974 and Freedom of Information Act to the services that collect information on citizens. For more information see EPIC’s pages Social Networking, Facebook, and Cloud Computing. (Apr. 30)

EPIC Urges Greater Accountability for Network Surveillance
Today, EPIC asked Senator Patrick Leahy to investigate the Department of Justice's failure to make public statistics detailing federal use of "pen registers" and "trap and trace" devices, which record "non-content" information about telephone calls, email and web traffic. In a letter to the Chairman of the Senate Judiciary Committee, EPIC observed that the Attorney General is required to provide to Congress detailed statistics concerning the use of these techniques. Yet, "the DOJ does not publicly disclose pen register reports as a matter of course." EPIC also raised questions regarding the agency's compliance with reporting requirements for the period 2004-2008. The lack of public accountability for these network monitoring techniques contrasts with the U.S. Courts' routine public reporting of federal wiretaps, EPIC said. The Courts released the most recent wiretap report on April 27, 2009. For more information, see EPIC's Wiretapping page. (Apr. 29)

Applications for Court Approved Wiretaps Down in 2008
According to the 2008 Wiretap report, federal and state courts issued 1,891 orders for the interception of wire, oral or electronic communications in 2008, down from 2,208 in 2007. (Dept. of Justice Press release.) As in the last three years, no applications for wiretap authorizations were denied by either state or federal courts. The total number of authorized wiretaps had grown in each of the six past calendar years, beginning in 2003. The 2008 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act or interceptions approvedby the President outside the exclusive authority of the federal wiretap law and the FISA. See EPIC Wiretapping page and EPIC Title III Orders. (Apr. 28)

Privacy and Consumer Groups Seek New FTC Commissioner
EPIC joined other privacy and consumer organizations on a letter to President Obama urging the appointment of a pro-consumer Commissioner to the Federal Trade Commission (FTC). The groups called for the appointment of someone with a “distinguished record of achievement in consumer affairs, with a demonstrated commitment to protecting the public.” The Commission has been one person short of its full membership since former Chair Deborah Platt Majoras left the agency last year. The President appointed Jon Leibowitz to serve as the current chair of the FTC. For more information, see EPIC’s page on the Federal Trade Commission. (Apr. 27)

Congressman Seeks Ban on Whole-Body Imaging at Airports
Congressman Jason Chaffetz has introduced legislation seeking a ban on Whole-Body Imaging machines installed by the Transportation Security Administration in various airports across America. Describing the method as unnecessary to securing an airplane, Congressman Chaffetz stated that the new law was to "balance the dual virtues of safety and privacy." The TSA recently announced plans to make the scanners, which capture a detailed picture of travelers stripped naked, the default screening device at all airport security checkpoints. For more information, see EPIC's Whole Body Imaging page. (Apr. 24)

Facebook Gets Ready to Adopt Terms of Service
Facebook has announced the results of the vote on site governance. The initial outcome indicates that approximately 75 percent of users voted for the new terms of service which includes the new Facebook Principles and Statement of Rights and Responsibilities. Under the new Principles, Facebook users will "own and control their information." Facebook also took steps to improve account deletion, to limit sublicenses, and to reduce data exchanges with application developers. EPIC supports the adoption of the new terms. For more information, see EPIC's page on Social Networking Privacy. (Apr. 24)

EPIC Urges Congress to Act on Internet Privacy
In testimony before a Congressional Committee, EPIC Director Marc Rotenberg urged lawmakers to address the growing threat to online privacy of new tracking techniques. Mr. Rotenberg said, "From the user perspective, the threats to privacy online are increasing. Unregulated data collection continues. Privacy policies are opaque and ineffective. Users are unable to exercise any meaningful control over the personal information that is obtained by firms when they visit sites, purchase online, or participate in the rapidly growing world of social networking." EPIC warned that these practices also pose a threat to technical standards that are necessary to protect network integrity, as well as the revenue of web publishers. For more information, see EPIC's page on Deep Packet Inspection and NCTA v. FCC. (Apr. 23)

Supreme Court Hears Case on Strip-Search of Young Student by Schools Officials Looking for Advil
The Supreme Court heard a case involving a traumatic strip-search of a thirteen-year-old girl by school officials looking for an ibuprofen tablet. The
search was conducted based on allegation by another student, who had been caught with drugs. A federal appelate court held that the search of the student was unreasonable and that a school official could be liable for violating the girl's Fourth Amendment rights. The school appealed to the Supreme Court and argued that the search was reasonable and the school official had qualified immunity. The respondent student replied that the search was highly invasive and the official should be held responsible. See also EPIC's page on Student Privacy. (Apr. 21)

Facebook Seeks Vote on Site Governance
In February, Facebook announced that it was opening its site governance to user voting after the new Terms of Service were widely criticized, and were to be the subject of an EPIC complaint to the Federal Trade Commission. Facebook restored the old terms and sought user feedback on the new Facebook Principles and the Statement of Rights and Responsibilities. These governing documents have now been updated to reflect feedback from users and experts. The voting to adopt the new terms or to maintain the previous terms is now open till April 23, 11:59 a.m. PDT. For more, see the efforts of People Against the New Terms of Service, and EPIC's Social Networking Privacy page. (Apr. 20)

EPIC Urges Massachusetts High Court to Protect Drivers From Warrantless Tracking by Law Enforcement, Warns of "Pervasive Mass Surveillance"
Today, EPIC filed a "friend of the court" brief in the Massachusetts Supreme Judicial Court, urging the Justices to require a warrant before police covertly track drivers using concealed surveillance technology. In Commonwealth v. Connolly, the Court will determine whether the police must obtain a search warrant before covertly installing location tracking devices on individuals' cars. The systems record a vehicle's location and speed around the clock, and transmit the data to police. EPIC said the profileferation of police tracking devices "creates a large, and largely unregulated, repository containing detailed travel profiles of American citizens." The EPIC brief warned that "law enforcement access to such information raises the specter of mass, pervasive surveillance without any predicate act that would justify this activity." For more, see EPIC's Commonwealth v. Connolly page. (Apr. 20)

Senate to Investigate NSA "Overcollection"
Senator Dianne Feinstein has announced that the Senate Intelligence Committee will hold a hearing on the National Security Agency's interception of phone calls and private e-mail messages of Americans. Recently, the New York Times reported that the NSA's activities went beyond the legal limits established by the Congress last year. EPIC has a related lawsuit asking a federal court to force the release of memos on the legal authority for domestic surveillance of American citizens. For more information, see EPIC's page on Freedom of Information Act Work on the National Security Agency's Warrantless Surveillance Program. (Apr. 17)

European Commission Seeks to Protect Internet Privacy
Following complaints about Phorm's Deep Packet Inspection Technology with UK internet service providers, the European Commission has opened a formal investigation. The EU e-Privacy and Data Protection Directives protect the confidentiality of communications by prohibiting interception and surveillance without the user's consent. Deep Packet Inspection allows internet service providers to intercept virtually all customers' Internet activity, including web surfing data and other Internet related activities. The Commission charges that the UK government could not permit this activity under European Union privacy law. In the US, Congressional leaders also objected to Deep Packet Inspection. For more information, see EPIC's page on Deep Packet Inspection and Privacy and Privacy Human Rights Report. (Apr. 14)

EPIC Demands Disclosure of Documents Detailing "Virtual Strip Search" Airport Scanners
Today, EPIC filed a Freedom of Information Act request demanding disclosure of records detailing airport scanners that take naked pictures of American travelers. Security experts describe the "whole body imaging" scanners as virtual strip searches. The Transportation Security Administration plans to make the scans mandatory at all airport security checkpoints, despite prior assurances that whole body imaging would be optional. EPIC's request seeks documents concerning the agency's ability to store and transmit detailed images of naked U.S. citizens. For more information, see EPIC's Whole Body Imaging page and EPIC's FOIA Litigation Manual (Apr. 14)

FCC Proposes Nationwide Broadband Expansion, Seeks Public Comments on Privacy Safeguards
Today, the Federal Communications Commission announced that it will develop a plan to expand broadband access. The plan will attempt to "ensure that every American has access to broadband capability," and will be submitted to Congress in February 2010. The Commission seeks comments from the public concerning how to best safeguard consumers' privacy in the face of technologies such as deep packet inspection and behavioral advertising. Chairman Michael J. Copps identified priorities for the broadband expansion, including "avoiding invasions of people’s privacy." EPIC previously advocated for the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. For more information, see EPIC's pages on deep packet inspection. (Apr. 8)

Five Country Study Finds Diminished Protection for Anonymity
A new study by leading scholars from the USA, Canada, UK, Netherlands and Italy has revealed that laws are reinforcing technology's ability to undermine the anonymity of citizens. The law reveals a preference for legislation requiring people to submit to identification and an increasing encroachment of rules into areas where there were previously no regulations prohibiting anonymity. EPIC was a partner in the project. Consider purchasing the Lessons from the Identity Trail. For more information, see EPIC's page on Free Speech and Internet Anonymity. (Apr. 7)

Previous Top News Archive

Invitation
Reply
Register

"EPIC@15 Anniversary Dinner"

Cosmos Club
Washington, DC
June 9, 2009

Upcoming Events

"Legislative Hearing on H.R. ___ The Data Accountability and Protection Act and H.R. 1319, the Informed P2P User Act"

Marc Rotenberg,
EPIC Executive Director

Committee on Energy and Commerce, Subcommittee on Commerce, Trade, and Consumer Protection
U.S. Congress
Washington, DC
May 5, 2009
__________

More EPIC Events

EPIC Bookstore

Spotlight on Surveillance

Proposed ‘Enhanced’ Licenses Are Costly to Security and Privacy

Hot Topics

May 2009
Automated Targeting System
Cloud Computing
Deep Packet Inspection
Domestic Surveillance
Facebook
FISA
Fusion Centers
Iraqi Biometric Identification System
Medical Record Privacy
National ID
National Security Letters
Open Government
Passport Privacy
Phone Records
Privacy Convention
Search Engine Privacy
Social Networking Privacy
Whole Body Imaging

EPIC Docket Highlights

May 2009
In re Google and Cloud Computing
EPIC v. FTC
EPIC v. VSP (Fusion Centers)
EPIC FTC Complaint (Google)
Gonzales v. ACLU
EPIC v. DHS (passenger data)
EPIC v. DOJ (NSA surveillance)
EPIC v. DOJ (IOB reports)
EPIC v. DOD (TIA/fee waiver)
Illegal Sale of Phone Records

EPIC amicus briefs:
Commonwealth v. Connolly (GPS Tracking)
Flores-Figueroa v. United States (Identity Theft)
Bunnell v. MPAA (Wiretap)
Crawford v. Marion County (Voter ID)
Doe v. Chao (Privacy Act)
BATF v. Chicago (FOIA)
Watchtower Bible v. Stratton (Anonymity)
Reno v. Condon (DPPA)
Smith v. Doe (Megans Law)
Gilmore v. Ashcroft (Secrecy)
ACLU v. DOD (Secrecy)
Gonzales v. Doe (Wiretap)
Hepting v. AT&T (Wiretap)
Herring v. US (Errors in databases)
Hiibel v. Nevada (Anonymity)
IMS Health v. Ayotte
(Medical privacy)
Kehoe v. Fidelity Bank (Consumer privacy)
Kohler v. Englade (DNA)
NCTA v. FCC (Phone records privacy)
New Jersey v. Reid
(ISP subscriber privacy)
Peterson v. NTIA (WHOIS data)
US v. Councilman (Wiretap)

Complete EPIC Docket