The Senate Judiciary Committee is set to consider S. 1223, the Location privacy Act of 2011, sponsored by Senator Al Franken. The bill would establish important privacy protections for cellphone users and require affirmative consent for the collection or disclosure of location data by service providers. EPIC previously recommended new protections for location data as part of the update of federal law. EPIC also filed comments with the Federal Communications Commission supporting guidelines for the protection of location data under the federal Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act.
EPIC has submitted extensive comments to the Defense Logistics Agency, an agency component within the Department of Defense, opposing changes to the Freedom of Information Act (FOIA). The agency's proposals will substantially alter the Defense Logistics Agency FOIA Program, and modify key terms governing FOIA processing, general FOIA policy, exemptions under the FOIA, and fee waivers. EPIC said that several of the proposals are contrary to law, exceed the scope of the agency's authority, and should be withdrawn. EPIC further stated that the proposals contravene statements of the President and Attorney General concerning government transparency EPIC routinely submits comments on proposed changes to FOIA regulations, warning agencies not to erect new obstacles to those seeking information about government. The statement to the DLA was prepared with the assistance of students at the Georgetown University Law Center studying the law of open government. For more information, see EPIC: Open Government.
The Supreme Judicial Court of Massachusetts has ruled that no search warrant is required to check the recent call list of a flip phone seized during a lawful arrest. However, the Court in Commonwealth v. Phifer emphasized that the ruling is narrow and fact-specific. Different facts, a more invasive search, or a more complex phone could result in a different outcome, said the Massachusetts high court. In the case, police witnessed a drug deal, arrested the dealer, and then checked the phone's call log for evidence of recent drug sales. The Massachusetts Court analogized searching the phone in these circumstances to searching a container that could contain contraband. The Supreme Judicial Court issued a similar ruling in a contemporaneous companion case, Commonwealth v. Berry. In a previous Massachusetts case in which EPIC filed a "friend of the court" brief, the Supreme Judicial Court ruled that sensitive data obtained from GPS tracking requires a search warrant. For more information, see EPIC: Locational Privacy and EPIC: Commonwealth v. Connolly.
Facebook has proposed changes to its policies that would (1) end user voting, (2) remove spam blocking, and (3) share FB user data with affiliates without user consent. EPIC and others are urging Faceboook users to participate in the Facebook Governance Vote and to vote for EXISTING documents. Anyone with a Facebook account can VOTE HERE. #existingdocuments
In a letter to the Senate Commerce Committee, EPIC has recommended that Congress require the Federal Trade Commission to consider more carefully the public's views on proposed privacy settlements. EPIC also recommended that the FTC require compliance with the Consumer Privacy Bill of Rights for companies that violate consumer privacy. The Committee is holding a hearing on the nomination of Joshua Wright to the FTC. The letter states that EPIC takes no position on the nomination of Dr. Wright, but encourages Congress to take the opportunity to explore the Commission's response to growing public concerns about privacy. EPIC routinely submits comments to the FTC on proposed consent orders, most recently on the Compete, Inc. settlement. EPIC has also recommended that the FTC promote the Consumer Privacy Bill of Rights in privacy settlements. For more information, see EPIC: Federal Trade Commission.
In a letter to Representatives Mike Rogers and Shelia Jackson-Lee, EPIC has asked Congress to suspend funding for the airport body scanner program until the TSA has completed a court-ordered public rulemaking. The letter follows a House oversight hearing where members of Congress learned that the TSA had shipped millions of dollars worth of backscatter X-ray devices to warehouses. Earlier the TSA stated that it was moving the devices to smaller airports for efficiency reasons. Backscatter X-ray devices are currently prohibited in Europe. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program), EPIC: Whole Body Imaging Technology and Body Scanners ("Backscatter" X-Ray and Millimeter Wave Screening) and EPIC: EPIC: Body Scanner FAQ.
The Senate Judiciary Committee approved a bill that updates the Electronic Privacy Communications Act and modifies the Video Privacy Protection Act. The bill generally requires law enforcement to obtain a warrant before accessing email or other electronic communications and allows for blanket consent of video viewing information. An amendment by Senator Feinstein, adopted by the Committee, limited the opt-in to two years or till whenever the user withdraws consent. EPIC previously testified against a proposal that would weaken the consent provision of the Video Privacy Protection Act. EPIC has also favored more extensive updates for ECPA, including coverage of locational information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Video Privacy Protection Act.
NASA has announced that the theft of an unencrypted laptop has compromised the personal information of a "large number" of NASA employees and contractors. A similar theft earlier this year exposed the data of thousands of Kennedy Space Center employees. The federal agency said that by the end of the year all NASA laptops must have full-disk encryption. The recent developments follow a 2010 United States Supreme Court case, NASA v. Nelson, in which a federal contractor challenged NASA's overly broad collection of personal information. EPIC filed an amicus curiae brief in support of the contractor Robert Nelson, arguing that there were insufficient legal protections and that NASA's systems are vulnerable to data breaches. Robert Nelson is among the employees and contractors who this week received a notice from NASA about the data breach. For more information, see EPIC: NASA v. Nelson and EPIC: Privacy Act.
EPIC has appealed a decision by the National Security Agency to deny EPIC's Freedom of Information Act Request for the public release of Presidential Policy Directive 20. The Policy Directive expands the NSA's cybersecurity authority and has raised concerns about government surveillance of the Internet. EPIC's FOIA appeal points to numerous substantive and procedural defects in the NSA's response, and highlights the importance of public discussion of cyber security authority. The NSA has ten days to respond to EPIC's appeal. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority.
