WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2013 >> [2013] EPICAlert 1

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 20.01 [2013] EPICAlert 1

EPIC Alert 20.01

======================================================================= E P I C A l e r t ======================================================================= Volume 20.01 January 16, 2013 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." =========================================================================== Table of Contents =========================================================================== [1] EPIC Succeeds in Fight Against Protective Order in FOIA Case [2] EPIC Sues CIA for Details of NYPD Spying [3] EPIC Obtains Documents on NSA's 'Perfect Citizen' Program [4] FTC Closes Investigation into Google Search Bias [5] Supreme Court Hears Arguments on Driver Records Privacy Protection [6] News in Brief [7] EPIC Bookstore [8] Upcoming Conferences and Events TAKE ACTION: Attend EPIC's Drone Symposium in Washington, DC, Jan. 15! - ATTEND the Symposium: _ LEARN about Drones: - SUPPORT EPIC: ======================================================================== [1] EPIC Succeeds in Fight Against Protective Order in FOIA Case ======================================================================== A federal judge has vacated provisions in a prior court order that would have limited the ability of FOIA requesters to disseminate information to the public. The Washington, DC, federal district court agreed with EPIC's argument during a January 8 Motion for Reconsideration that protective orders are inappropriate in Freedom of Information Act (FOIA) cases. A protective order, or "gag order," prevents a party from publicly disclosing information it obtains during litigation. Judge Gladys Kessler further stated, "There is no question the Government did not take seriously its obligation" under a previous court order. In 2012, EPIC filed a FOIA lawsuit against the Department of Homeland Security after the agency failed to respond to EPIC's request for documents about the agency's plan to monitor Internet traffic. When DHS was nonresponsive, EPIC sued DHS for compliance with statutory obligations under the FOIA. During January 8 oral argument, counsel for the US Justice Department contended that EPIC should agree to a protective order preventing it from disclosing documents obtained in the case. Despite statutory language and controlling precedent to the contrary, the government argued the court had "inherent authority" to issue such an order. EPIC has asserted that such authority is in fact "contrary to" FOIA law. According to, EPIC, "A protective order in a Freedom of Information Act matter would be contrary to law and would make it more difficult for the public to obtain information about the government's activities," thus undermining the central purpose of FOIA. Judge Kessler also chastised DHS for repeated delays in processing EPIC's FOIA request, and noted that although DHS has reviewed over 4,000 documents so far, the agency has not yet disclosed a single page to EPIC. She has instructed DHS to disclose all appropriate documents to EPIC no later than April 15, 2013. DC District Court: Order in EPIC v. DHS (Jan. 8, 2013) EPIC: EPIC v. DHS (Defense Contractor Monitoring) EPIC: Motion for Reconsideration in EPIC v. DHS (Nov. 7, 2012) US DoJ: Opposition to Motion for Reconsideration (Nov. 30, 2012) EPIC: Reply to DoJ's Opposition (Dec. 7, 2012) ========================================================================= [2] EPIC Sues CIA for Details of NYPD Spying ========================================================================= EPIC has filed a Freedom of Information Act lawsuit against the CIA for details of that agency's involvement in a New York Police Department surveillance program targeting Muslims and persons of Arab descent. The surveillance conducted by the New York Police Department has included photographing members of the Muslim community as they entered mosques, infiltrating Muslim student groups, and monitoring Muslim stores and businesses. The extensive surveillance was focused on specific neighborhoods made up of certain ethnic groups and not on any accusations or suspicion of crime. In August 2011, the New York Police Commissioner acknowledged that the CIA participated in the surveillance. Following an investigation by the CIA Inspector General, however, the CIA announced that there is "no evidence that any part of the agency's support to the NYPD constituted 'domestic spying.'" In early 2012, EPIC sought the public release of the report prepared by the CIA Inspector General. Specifically, EPIC requested documents related to the CIA Inspector General's investigation of the agency's collaboration with the NYPD, including any legal analysis and final reports. EPIC also sought any communication between the CIA Inspector General's office and the NYPD about the CIA/NYPD collaboration. Because the CIA failed to comply with statutory deadlines established by the Freedom of Information of Act, EPIC has filed suit for release of the documents. EPIC has previously opposed surveillance systems that rely on race, ethnicity, and religion, including the Automated Targeting System and Suspicious Activities Reporting. In 2011, EPIC obtained via FOIA request and then published documents on the FBI's "Watch List." The documents revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law, and that individuals may remain on the FBI watch list even if charges are dropped or a case is dismissed. The New York Times subsequently broke the story and posted the documents obtained by EPIC. EPIC: FOIA Lawsuit against CIA re: Domestic Surveillance EPIC: EPIC v. CIA - Surveillance of Muslims EPIC: Appeal re: FOIA Request to CIA (May 23, 2012) EPIC: FOIA - FBI Watchlist EPIC: Automated Targeting Systems EPIC: Suspicious Activity Reporting EPIC: Domestic Surveillance ======================================================================== [3] EPIC Obtains Documents on NSA's 'Perfect Citizen' Program ======================================================================== In response to a Freedom of Information Act request, the National Security Agency has turned over documents to EPIC about the agency's controversial "Perfect Citizen" program. "Perfect Citizen" monitors private, nongovernmental networks within the US. According to reports from The Wall Street Journal, Perfect Citizen uses sensors deployed on computer networks to detect unusual activity and warn of an impending cyber attack. The NSA claims that Perfect Citizen is merely a research and development program. The documents obtained by EPIC suggest the program is operational and confirmed, and that Raytheon was contracted to develop and deploy certain components. The redacted documents obtained by EPIC state that "[t]he prevention of a loss due to a cyber or physical attack [on Sensitive Control Systems, like large-scale utilities], or recovery of operational capability after such an event, is crucial to the continuity of the [Department of Defense], the [Intelligence Community], and the operation of SIGNIT systems." The full scope of the program is not apparent because of key redactions and the withholding of 98 pages in their entirety, out of a total of nearly 300. EPIC has previously pursued cybersecurity-related documents from the NSA. Most recently, EPIC submitted a FOIA request to the NSA for the text of Presidential Policy Directive 20, a cybersecurity directive believed to expand NSA's cybersecurity authority. Directive 20 provides guidelines for what constitutes "defensive" and "offensive" actions within the context of cyberwar and cyberterrorism. EPIC is currently involved in FOIA litigation over National Security Presidential Directive 54, an earlier cybersecurity directive that gave the NSA authority to conduct surveillance within the United States. WSJ: "U.S. Plans Cyber Shield for Utilities, Companies" (July 10, 2010) EPIC: NSA "Perfect Citizen" FOIA Documents EPIC: Presidential Policy Directive 20 FOIA Request (Nov. 14, 2012) EPIC: EPIC v. NSA Complaint (Feb. 4, 2010) ======================================================================= [4] FTC Closes Investigation into Google Search Bias ======================================================================= The Federal Trade Commission announced January 3 that it had concluded an investigation into Google's alleged anticompetitive practices, which the FTC believed had the potential to stifle competition in the markets for smartphones, tablets, gaming consoles, and online search advertising. The Commission's settlement with Google provides competitors with access to patents necessary to make smartphones, laptops, and other devices. Google also voluntarily agreed to stop borrowing others' content for use in Google's own services. Under a separate commitment, Google agreed to remove restrictions on the use of the company's online search advertising platform, AdWords. The results of the FTC investigation indicate that Google's practice of restricting AdWords could make it "difficult for advertisers to coordinate online advertising campaigns across multiple platforms." On the issue of search bias, however, the FTC decided to close the investigation without taking action. The Commission focused the bias evaluation on two major search bias questions: First, whether Google's introduction of "Universal Search" - a product that prominently displays targeted Google properties in response to specific categories of searches, such as "Shopping" and "Local" - allowed Google to reduce or eliminate a nascent competitive threat; and second, whether Google altered search algorithms to demote certain vertical websites (i.e., websites that narrow search results to a particular category or field, like shopping or video) to similarly. The FTC reported that while it had found some evidence that Google's new search algorithm harmed competitors, these changes "could be plausibly justified as innovations that improved Google's product and the experience of its users." In 2011, EPIC urged the FTC to begin an investigation into whether Google has used its Search dominance to influence the marketplace of online video content. EPIC pointed specifically to Google's acquisition of YouTube and subsequent change in YouTube search rankings. EPIC's letter to the FTC stated that Google substituted its own subjective, "relevance" ranking in place of objective search criteria, such as "Hits" or "Rankings," to preference Google's own video material over non-Google material. EPIC's letter included detailed examples using the search term "Privacy." EPIC also opposed Google's 2008 merger with online advertiser DoubleClick. After testimony in 2007 before the US Senate Antitrust Committee on Google's growing dominance of essential Internet services, EPIC filed a complaint to the FTC, alleging that DoubleClick was unlawfully tracking the online activities of Internet users and combining user tracking records with detailed personal profiles contained in a national marketing database. While the FTC ultimately approved the Google/DoubleClick merger, the agency also required DoubleClick to agree to a list of commitments, including a commitment to abide by the National Advertising Initiative's Privacy Principles. FTC: Press Release on Google Investigation (Jan. 3, 2013) FTC: Statement re: Google Investigation (Jan. 3, 2013) EPIC: Letter to FTC re Google Search Bias (Sept. 8, 2011) EPIC: Testimony before US Senate re: Google/Doubleclick (Sep. 27, 2007) EPIC: Complaint to FTC re: Google/Doubleclick (Apr. 20, 2007) EPIC: Federal Trade Commission EPIC: Google/Doubleclick Relationship ======================================================================== [5] Supreme Court Hears Arguments on Driver Records Privacy Protection ======================================================================== The US Supreme Court heard arguments January 9 in Maracich v. Spears, a case involving the Drivers' Privacy Protection Act (DPPA). The Act regulates the disclosure and use of personal information held by state Departments of Motor Vehicles. In Maracich, a group of attorneys obtained South Carolina DMV records in order to solicit car buyers as clients for a class action lawsuit. Some of the solicited individuals sued the attorneys, claiming that the attorneys had unlawfully obtained and used personal information in violation of the DPPA. At issue in the case was whether an attorney's solicitation of clients is a permissible use under the statute's "litigation provision," which allows attorneys to obtain and use DMV records "in connection with" litigation. The Court deliberated how to reconcile the South Carolina statute's prohibition on nonconsensual solicitation with the litigation provision. Justices seemed hesitant to allow unfettered attorney solicitation due to the sensitivity of DMV records; Justice Stephen Breyer said that because these records contain Social Security Numbers, there is a risk of "identity theft run wild." Both Breyer and Chief Justice John Roberts asked the parties, "Where is the line" between permissible and impermissible uses of private information. Justices Antonin Scalia and Sonia Sotomayor expressed a need to "harmonize" the solicitation and litigation provisions of the statute, while Justice Ruth Bader Ginsburg expressed concern for the ability of attorneys to investigate potential class action lawsuits. Attorneys for the Petitioners, Maracich et al. argued that the Court should draw a line between investigatory conduct and solicitation: When a lawyer uses DMV records to investigate in anticipation of a lawsuit, that is a permissible use, whereas when a lawyer uses those records to solicit a new client, that is an impermissible use. Attorneys for the Respondents, Spears et al., argued that the Court should draw the line by examining whether the lawyers are seeking to address a specific transaction, occurrence, or defect. If they are, then those lawyers should be able to both investigate and solicit clients using DMV records. EPIC filed a "friend of the court" brief in support of the Petitioners, urging the Court to reverse the judgment of the Fourth Circuit Court, which held that Spears et al. were not in violation of the DPPA. EPIC's brief details the staggering amount of personal information contained in driver records, particularly as a consequence of the Department of Homeland Security's REAL ID regulations. EPIC argued that "changes in technology have increased the risk of the underlying harm Congress sought to address. Therefore, the Court should narrowly construe" exceptions allowing the disclosure of personal information. US Supreme Court: Oral Argument in Maracich v. Spears (Jan. 9, 2013) ABA: Brief of Petitioners (Maracich) (Nov. 9, 2012) ABA: Brief of Respondents (Spears) (Dec. 10, 2012) ABA: Reply Brief of Petitioners (Maracich) (Jan. 2, 2013) EPIC: “Friend of the Court” Brief (Support of Maricich) (Nov. 16, 2012) Fourth Circuit Court: Decision in Maracich v. Spears (Sept. 25, 2012) EPIC: Maracich v. Spears EPIC: The Drivers Privacy Protection Act ======================================================================== [6] News in Brief ======================================================================== European Parliament Moves Forward on Privacy Update The European Parliament has indicated strong support for a proposal put forward by the European Commission to update European Union privacy law. In reports on both the New Data Directive and New Data Regulation, the EU Parliament recommends greater power for data protection agencies and new rights for data subjects. The comprehensive update of the 1995 EU Data Protection Directive simplifies compliance procedures and also creates new incentives for anonymized and pseudonymized data to help protect privacy. In October 2012 EPIC Executive Director Marc Rotenberg testified before the European Parliament in support of the proposed reform. More than 20 US consumer organizations have expressed support for the European privacy initiative. EU Commission: Proposal on Personal Data Processing (Jan. 25, 2012) EU Parliament: Draft of New Data Directive (Dec. 17, 2012) EU Parliament: Draft of New Data Regulation (Dec. 20, 2012) EU: 1995 EU Data Protection Directive EPIC: Testimony before EU Parliament on Data Reform (Oct. 10, 2012) EPIC: EU Data Protection Directive Senate to Debate Privacy Amendments for Surveillance Law The US Senate is scheduled to debate several proposals that would establish new safeguards for the FISA Amendments Act, a controversial law that allows surveillance of the phone and email communications of US persons without a warrant. In May 2012, EPIC testified before the US House Judiciary Committee, and recommended increased transparency and new public reporting of the Government's surveillance activities; currently, the annual FISA letter to Congress provides little information about US government conduct. "Congress should not reauthorize the FISA Amendments Act until adequate oversight procedures are in place," EPIC Executive Director Marc Rotenberg said at the May hearing. US Senate: Floor Schedule EPIC: Testimony before US Senate on FISA (May 31, 2012) US Dept. of Justice: FISA Letter for 2012 (Apr. 30, 2012) ttp:// EPIC: Foreign Intelligence Surveillance Act EPIC: Clapper v. Amnesty International California Attorney General Releases Mobile App Privacy Guidelines California Attorney General Kamala Harris has issued a report, "Privacy on the Go," which designates best practices for mobile application privacy. The report recommends that app developers implement safeguards such as privacy-by-design and notice, but stops short of setting forth a comprehensive set of Fair Information Practices. The report follows the passage of the California Online Privacy Protection Act of 2012, which requires all service providers doing business in California, such as mobile app developers, to have a privacy policy available to consumers. The White House's privacy multistakeholder process is similarly attempting to develop a voluntary code of conduct for mobile app transparency. In 2011, EPIC submitted comments to the FTC on an agency overhaul of the Children’s Online Privacy Protection Act, which was updated in 2012 to reflect children’s use of mobile apps. State of CA AG’s Office: “Privacy on the Go” (Jan. 2013) State of CA: California Online Privacy Protection Act of 2012 NTIA: Privacy Multistakeholder Meeting (Jan 4, 2012) EPIC: Mobile and Location Privacy EPIC: Comments to FTC on COPPA Update (Dec. 23, 2011) FTC: Press Release on Final COPPA Update (Dec. 19, 2012) EPIC: Children's Online Privacy Protection Act (COPPA) ======================================================================= [7] EPIC in the News ======================================================================= "Leahy to lay out Judiciary agenda." The Hill, Jan. 14, 2013. "Banks seek NSA help amid attacks on their computer systems." The Washington Post, Jan. 11, 2013. "FBI Documents Shine Light on Clandestine Cellphone Tracking Tool." Slate, Jan. 10, 2013. "Documents Detail NSA's 'Perfect Citizen' Cybersecurity Work." InformationWeek, Jan. 9, 2013. "Texas schools RFID tracking suit sparks concerns about student privacy." Free Speech Radio News, Jan. 9, 2013. "DOJ Loses Push for 'Claw Back' Provision in Fight over Cybersecurity Documents." Legal Times, Jan. 8, 2013. "Epic data access proposals 'counter-productive', says MRA." Research Live, Jan. 3, 2013. "Unmanned military planes fly over Hampton Roads." The Virginian-Pilot, Jan. 3, 2013. "2013: New laws on gay marriage, social media." (VIDEO) MSNBC, Jan. 2, 2013. "Tech Giants Brace for More Scrutiny From Regulators." The New York Times, Jan. 2, 2013. "CIA Sued To Release NYPD Spying Report." The Huffington Post, Dec. 31, 2012. "Feds Requiring 'Black Boxes' in All Motor Vehicles." Wired, Dec. 26, 2012. "Revealed: NSA targeting domestic computer systems in secret test." CNet, Dec. 23, 2012. For More EPIC in the News: ======================================================================== [8] EPIC Bookstore ======================================================================== "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "Drones and Domestic Surveillance." 15 January 2013, Washington, DC. For More Information: "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: 22nd Annual Computers, Freedom, & Privacy Conference. 5-6 March 2013, Washington, DC. For More Information: Contact Chris Calabrese at "Online Privacy: Consenting to your Future." 21-22 March 2013, Portomaso, Malta. For More Information: ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.24------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback