E P I C A l e r t
Volume 20.15 July 30, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC Defends Student Privacy Rights in Federal Court
 FISA Court Renews, DOJ Defends, Unlawful Surveillance Program
NJ High Court Issues Landmark Location Privacy Decision
 EPIC Urges Oversight Board to Uphold Strong Open Government Rules
EPIC Asks FTC To Investigate 'Magna Carta' App
 News in Brief
 EPIC in the News
 EPIC Book Review: 'Spying on Democracy'
 Upcoming Conferences and Events
TAKE ACTION: Sign EPIC's Petition Against NSA Domestic Surveillance!
- SIGN the Petition:
- LEARN More: https://epic.org/privacy/terrorism/fisa/
- SUPPORT EPIC: http://www.epic.org/donate/
 EPIC Defends Student Privacy Rights in Federal Court
EPIC argued July 24 before a Washington, DC, federal
district court in
support of student privacy rights. EPIC's President Marc Rotenberg and
Administrative Law Counsel Khaliah Barnes
contended that recent
proposals by the Department of Education would undercut student privacy
rights and are in violation of federal
In the case EPIC v. Dept. of Education, EPIC is challenging the US
Education Department's 2011 changes to the Family Educational
and Privacy Act (FERPA), which sets out rules requiring educational
institutions to limit unnecessary disclosures of confidential
information. The Education Department's changes allow the release of
student records for non-academic purposes and undercut
In 2011, EPIC submitted extensive comments to the agency, opposing the
changes on the grounds that
the Education Department had proposed
"recommendations that would undermine privacy safeguards set out in the
statute and would
unnecessarily expose students to new privacy risks."
After the Education Department failed to modify the proposed regulations
filed suit in early 2012, arguing that the changes exceeded the
agency's authority, and that the revised regulations were not in
accordance with the 1974 Privacy Act. "Through the FERPA's text,
purpose, and legislative history, Congress unambigiously guaranteed
students the right to prevent disclosure of directory information,"
EPIC is joined in the lawsuit by EPIC Board of
Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel.
EPIC: EPIC v. Dep't of Education
US Dept. of Education: FERPA Final Regulations (Dec. 2, 2011)
EPIC: Complaint re: Proposed Ed. Dept. Regulations (Feb. 29, 2012)
EPIC: Student Privacy
EPIC: The Administrative Procedure Act
 FISA Court Renews, DOJ Defends, Unlawful Surveillance
The Director of National Intelligence has "filed
an application with
the Foreign Intelligence Surveillance Court seeking renewal of the
authority to collect telephony metadata
in bulk, and that the Court
renewed that authority." This order from the FISA Court will allow the
NSA to continue collecting records
of all telephone calls in the US,
including purely domestic communications.
In a separate filing, the US Department of Justice
announced July 18
that a New York federal district court could not overturn the FISA
The DOJ further asserted,
in a July 16 letter to Rep. Jim Sensenbrenner
(R-WI), that "because the telephony metadata must be available in bulk
to allow the
NSA to identify records of terrorist communications, there
are 'reasonable grounds to believe' that the data is relevant to an
authorized investigation." The USA PATRIOT Act requires that business
records be "relevant" to an investigation and does not allow
federal government to acquire them without cause.
EPIC has filed a petition with the US Supreme Court challenging the
of the NSA domestic surveillance program. EPIC argues that
the FISA court did not have legal authority to compel telephone company
Verizon to turn over the telephone records of every customer. According
to EPIC's petition, the FISA Court "exceeded its statutory
when it ordered production of millions of domestic telephone records t
hat cannot plausibly be relevant to an authorized
ODNI: Renewal of NSA Authorization (Jul. 19, 2013)
Rep. Jim Sensenbrenner (R-WI): Letter from US DOJ (Jul. 16, 2013)
EPIC: Petition to the Supreme Court re: Verizon Order (Jul. 8, 2013)
EPIC: In re EPIC
 NJ High Court Issues Landmark Location Privacy Decision
The Supreme Court of New Jersey held July 18 that individuals
reasonable expectation of privacy in their cell phone location data
under the New Jersey state constitution. This is the
supreme-court decision to establish a constitutional right to privacy
in location records.
In State v. Earls, the
New Jersey high court found that "cell-phone
location information, which users must provide to receive service, can
reveal a great
deal of personal information about an individual."
Consequently, law enforcement officers in New Jersey will be required
a search warrant to track an individual's location.
In order to communicate with the telephone network, a cell phone must
constant contact with nearby cell towers. These connections
create a "paper trail" of an individual's phone records. By examining
the location of towers to which a phone is connected over a period of
time, law enforcement can track a person's movements in great
In urban areas where cell phone towers are densely packed, a person's
location can be pinpointed very precisely; tracking
the phone is
equivalent to tracking the person.
The decision in State v. Earls is the first state supreme-court case
location privacy since the US Supreme Court's 2012 decision
in US v. Jones, a GPS tracking case. The state of Montana has passed
similar statute requiring warrants to track cell phone location.
EPIC submitted a "friend of the court" brief in State v. Earls.
filing briefs in support of a warrant requirement, EPIC Appellate
Advocacy Counsel Alan Butler gave oral argument detailing
phone location tracking technology works in practice. The New Jersey
Supreme Court's decision notes that "EPIC offered
helpful details about
the current state of cell-phone technology."
New Jersey Supreme Court: Opinion in State v. Earls (Jul.
EPIC: State v. Earls
EPIC: United States v. Jones
State of Montana: House Bill 603 (Apr. 22, 2013)
EPIC: Locational Privacy
 EPIC Urges Oversight Board to Uphold Strong Open Government
In recent extensive comments to the President's Privacy
Liberties Oversight Board (PCLOB), EPIC urged the Board not to weaken
the Freedom of Information and Sunshine Acts as
PCLOB is an independent agency created to analyze and review the
privacy and civil liberties impacts of executive branch
counterterrorism efforts. The Board was established in by the
Intelligence Reform and Terrorism Prevention Act of 2004, at the
recommendation of the 9/11 Commission, and is comprised of five members
appointed by the President and confirmed by the US Senate.
EPIC's comments assert, "Because PCLOB is a watchdog agency for
government information practices," the Board's "open government
regulations must increase transparency concerning government activity
affecting privacy and civil liberties. The agency must make
that it maintains freely available to ensure that PCLOB and other
agencies uphold individual privacy rights. Moreover,
the agency must
improve upon its past practices and become a leader in holding public
discussions on topical government privacy
issues." According to EPIC,
the Board has proposed to adopt vague, broad, and otherwise unlawful
definitions permitting the oversight
agency to withhold information
and delay document production. The proposed regulations also would
allow the Board to encourage
other agencies to classify information,
and to terminate public participation in Board meetings "at any time
for any reason."
EPIC's comments allege that PCLOB's proposed regulations are unlawful,
outside the scope of the Board's mandate, and that many
of the proposed
changes "directly contravene" the President's and Attorney General's
statements on the importance of "the transparency
of the federal
government." EPIC recommends that the Board "revise the proposed
regulations, remove the new barriers to access
information, and incorporate new procedures that ease, not burden, the
public's efforts to learn about the activities
of its government. As
currently written," EPIC concludes, "several of PCLOB's proposed
revisions are contrary to the Freedom of
Information Act and Sunshine
Act, exceed the scope of the agency's rulemaking authority, and should
be revised as indicated."
to PCLOB on FOIA (Jul. 15, 2013)
Federal Register: Proposed Rule Changes for FOIA (May 15, 2013)
EPIC: The Privacy Act of 1974
EPIC: The 9/11 Commission Report
EPIC: Open Government
 EPIC Asks FTC To Investigate 'Magna Carta' App
EPIC has filed a complaint with the Federal Trade Commission against
Samsung, the publisher of a mobile app for rapper Jay-Z's
"Magna Carta Holy Grail." According to EPIC's complaint, The "Magna
Carta" app "collected massive amounts of personal
users and required substantial user permissions."
Additionally, states EPIC, "Samsung failed to disclose material
information about the privacy practices of the App, collected data
unnecessary to the functioning of the Magna Carta App, deprived
of meaningful choice regarding the collection of their data, interfered
with device functionality, and failed to implement
minimization procedures." These practices, according to EPIC, "violate
Section 5 of the Federal Trade Commission
Act and are actionable by the
Specifically, the "Magna Carta" app collects user personal information,
"a. Approximate user location using cell site locations and Wi-Fi
b. Precise user location using precise location
using the Global
Positioning System (GPS), cell site locations, and Wi-Fi
c. Mobile device identifiers, including
the International Mobile
Subscriber Identity and International Mobile Station Equipment
Identity numbers, both of which
are unique identifiers
d. Time periods during which the phone is active
e. Telephone numbers dialed
The identity of other applications installed on the device."
According to EPIC's complaint, the app can run in the background when
users switch to other apps on their mobile devices; can continue to
connect to the Internet while running; signs in as soon as
phones are switched on, and has access to the phones' vibration and
"sleep" functions. "The number of permissions requested"
by the app,
EPIC states, "verges on parody."
EPIC's complaint further alleges that the "Magna Carta" app includes
techniques that force users to promote the album. The app
requires users to log in to their Facebook or Twitter accounts in order
to access any of the content: "In the run-up to the album's release,"
EPIC contends, "the Magna Carta App allowed users to view
but only if the user posted a tweet or Facebook status update promoting
the fact that they had unlocked each lyric."
EPIC has asked the Commission to investigate Samsung and enjoin the
company's unfair and "deceptive data collection practices for
future apps that it may offer." Specifically, EPIC has requested that
"a. Disgorge and delete the user data
that was improperly obtained
from those users who previously installed the Magna Carta App;
b. Compel Samsung to comply with
all of the requirements of the
Consumer Privacy Bill of Rights for the Magna Carta App and all
similar products and services;
c. Compel Samsung to restrict its data collection to the user data
necessary to run the app; and
d. Provide such other
relief as the Commission finds necessary and
Earlier in 2013, EPIC filed a complaint with the FTC against Snapchat,
the publisher of a mobile app that claimed to delete photos and videos
"forever." In fact, the photos and videos collected by Snapchat
on users' phones following their purported EPIC's Snapchat complaint
reminded the Commission to endorse "reasonable collection
"sound retention practices."
EPIC: Complaint to FTC re: "Magna Carta" App (Jul. 12, 2013)
EPIC: Jay-Z Magna Carta App
EPIC: Complaint to FTC re: Snapchat, May 16, 2013
 News in Brief
House Narrowly Defeats Bill to End NSA Domestic Surveillance Program
In a close vote, the US House of Representatives voted 217
to 205 to
reauthorize funding for the controversial NSA domestic surveillance
program that has resulted in the collection of all
customers' call records. The outcome followed intense lobbying by the
Obama Administration and leaders of the
intelligence community. The
measure was introduced by Reps. Justin Amash (R-MI) and John Conyers
(D-MI). EPIC has filed a petition
with the US Supreme Court, charging
that the program violates section 215 of the Patriot Act. A decision
by the Court is expected
in early October.
US House: Roll Call Vote on NSA Surveillance Program (Jul. 24, 2013)
IC Officials: Letter in Support of NSA Program (Jul. 23, 2013)
Rep. Justin Amash (R-MI): Fact Sheet on NSA Amendment (Jul. 24, 2013)
EPIC: In re EPIC - NSA Telephone Records Surveillance
EPIC Updates Congress on Organization's Response to NSA Surveillance
EPIC has sent a letter to the US House Judiciary Committee
EPIC's response to the NSA domestic surveillance program. "In our view,
the secret court simply lacks the legal authority
to authorize this
program of domestic surveillance," EPIC writes. EPIC has filed a
petition with the US Supreme Court challenging
the Verizon Order
issued by the Foreign Intelligence Surveillance Court. EPIC is also
petitioning the NSA to create public rules
governing the agency's
EPIC: Letter to US House re: NSA Surveillance Program (Jul. 15, 2013)
EPIC: Petition to US Supreme Court re: Verizon Order (Jul. 8, 2013)
EPIC: NSA Verizon Order (Apr. 25, 2013)
EPIC: Petition to NSA re: Domestic Surveillance
EPIC: In re EPIC - NSA Telephone Records Surveillance
Justice Department Revises Rules on Obtaining Journalists' Records
The US Department of Justice has issued a report outlining
department's revised rules for obtaining journalists' records. The
policy change comes in the wake of controversies over the
subpoena of Associated Press calling records. The new rules establish
a presumption that reporters will be notified
when their records are
sought, and raises the legal standard for access under the Privacy
Protection Act of 1980, a law intended
to protect journalists' records
from government access. Following the AP controversy, EPIC filed a
Freedom of Information Act request seeking the legal basis for the
Justice Department's subpoena of reporters' phone records.
US DoJ: 'Report on Review
of News Media Policies' (Jul. 12, 2013)
US House: Hearing with AG Eric Holder re: AP Records (May 14, 2013)
EPIC: FOIA Request to USDoJ re: Reporter Surveillance (May 14, 2013)
EPIC: The Privacy Protection Act of 1980
EPIC: Free Flow of Information Act
Web Working Group Rejects Industry 'Do Not Track' Proposal
The World Wide Web Consortium has rejected a "Do Not Track" standard
proposed by the online advertising industry. The industry proposal
would have allowed advertising companies to continue to collect
consumer browsing activities, but would have limited the way in which
companies could characterize users based on that
data. The working
group stated that the industry proposal was "less protective of privacy
and user choice than their earlier initiatives."
Rockefeller (D-WV), the Senate Commerce Committee Chair, has
re-introduced legislation to regulate the commercial surveillance
consumers online. In 2010, EPIC recommended to Congress that an
effective Do Not Track initiative must ensure that a consumer's
decision is "enforceable, persistent, transparent, and simple."
W3C: Rejection of Industry 'Do Not Track' Proposal (Jul. 15,
Sen Jay Rockefeller (D-WV): Revised Do Not Track Bill (Feb. 28, 2013)
EPIC: Statement to Congress on DNT Legislation (Dec. 2, 2010)
EPIC: Online Tracking and Behavioral Profiling
Study Finds Flaws in Proposed Mobile Short-Form Notice
A study by researchers at Carnegie Mellon University has found that
are confused by the mobile app short-form notice currently
proposed by participants of the NTIA, the US Department of Commerce's
privacy multistakeholder process. The draft notice contains a list of
data categories for which mobile apps must provide notice,
study surveyed 800 mobile users and found that "participants had low
agreement on how different data and entities should
In 2012, EPIC recommended that the Federal Trade Commission focus on
substantive privacy protections instead of
CMU CyLab: Study on Mobile App Notices (Jul. 17, 2013)
US Dept. of Commerce: Privacy Multistakeholder Process Schedule
EPIC: Comments to FTC on Mobile Apps and Privacy (Jul. 11, 2012)
EPIC: NTIA Privacy Multistakeholder Process
 EPIC in the News
"Are you being tracked while shopping? [Video]." CBS This Morning,
July 29, 2013.
"Opponents of NSA surveillance emboldened by close House vote." The
Hill, July 28, 2013.
"A Black Box for Car Crashes." The New York Times, July 21, 2013.
"N.J. Supreme Court: Police Need Warrant for Your Cellphone Data."
Mashable, July 20, 2013.
Opinion: "Surveillance court too secretive: Our view." USA Today,
July 18, 2013.
Marc Rotenberg: "Supreme Court must protect our privacy
from the government." CNN Opinion, July 17, 2013.
"No Clear Direction on Cellphone Location Tracking." Roll Call,
July 17, 2013.
"Rap for rap chap in crap rap app flap: Jay-Z blasted by privacy bods."
The Register (UK), July 16, 2013.
"Jay-Z App, Amazon Extension Slammed On Privacy." Information Week,
July 15, 2013.
"The Petition for Immediate Supreme Court Review of a Foreign
Intelligence Surveillance Court Order Raises Thorny Procedural
Justia, July 15, 2013.
"US Public Split Over NSA Surveillance." VOA News, July 11, 2013.
For More EPIC in the News: http://epic.org/news/epic_in_news.html
 EPIC Book Review: 'Spying on Democracy'
"Spying on Democracy: Government Surveillance, Corporate Power and
Public Resistance," Heidi Boghosian
Heidi Boghosian's "Spying on Democracy: Government Surveillance,
Corporate Power and Public Resistance" is a colorful, illustrative
primer on governmental and private-sector intelligence gathering.
Boghosian, Executive Director of the progressive National Lawyers'
Guild, draws on recent events and American "near-history" to
demonstrate such concepts as wiretapping, surveillance drone usage,
government-contracted corporate spying, and interagency fusion centers.
Each of the book's 13 chapters takes on a different method
characteristic of data gathering, primarily centered around citizens
acting in their capacity as private individuals. Boghosian
focuses on individual First Amendment rights, and the ways in which
public and private surveillance impact and infringe
upon them. Thus,
a chapter on attorney-client privilege explores the ways that FBI and
NSA monitoring of public-interest law associations
has impeded their
work, from the beginnings of the Cold War through the present day.
A later chapter covers another fundamental
First Amendment right -
freedom of the press - and provides an overview of the US government's
history of domestic surveillance
Boghosian also turns her unflinching analysis to corporate culture and
the ways in which private companies contribute
to a surveillance
society. "Spying on Democracy"'s second chapter, for example, focuses
on migrant farm workers who pick the tomatoes
used by Burger King,
McDonald's, and Taco Bell. When human-rights organizations began to
demonstrate on behalf of the underpaid
and often mistreated migrant
workers, Boghosian writes, Burger King hired a private espionage firm
to infiltrate the organization:
". . . Florida's Fort Myers News-Press
[published] that the newspaper had identified emails originating from
Burger King's corporate
headquarters in Miami as the source of
threatening messages sent to Immokalee Workers and the Student/
Farmworker's Alliance." This
tactic of spying on critics in order to
undermine, intimidate, and discredit them is not unique to one or two
maintains; rather, it is a practice endemic to a
"Spying on Democracy" also demonstrates how public and
surveillance have merged, particularly over the past 10 to 20 years.
In a chapter about children's privacy, Boghosian describes
"Security Checkpoint" play set, which helps "habituate [children] to
accept daily surveillance.". In another chapter,
she discusses the
relationship between private surveillance firms and the federal
intelligence community, which often hire private
contractors to conduct
their domestic spying, and how interdependent both sectors have become.
"Spying on Democracy" is an excellent
collection of topics and
buzzwords; chapters are organized into tidy subsections, each of which
provides a brief but thorough description
of a concept or incident. As
a result, the book reads like an encyclopedia with good narrative
structure, or a set of educational
short stories. Boghosian's thesis,
while never explicitly laid out, permeates the entire text: that the
cooperation between private
and public surveillance apparatus impedes
the rights of private citizens to speak, write, organize, assemble and
on Democracy" is not a scholarly read, but it is fast-
paced, active, and punctuated with photographs. And for the more
inclined, it is also replete with well-cited footnotes.
-- Julia Horwitz
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
S. Zaid (EPIC 2010). Price: $75.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the
Video Voyeurism Prevention Act, and the
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
The Public Voice Conference, Warsaw, Poland, September 2013. For More
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW, Suite
200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at: http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.15------------------------