WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2013 >> [2013] EPICAlert 2

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 20.02 [2013] EPICAlert 2

EPIC Alert 20.02

======================================================================= E P I C A l e r t ======================================================================= Volume 20.02 February 1, 2013 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." =========================================================================== Table of Contents =========================================================================== [1] TSA to Pull 'Naked' Body Scanners from All US Airports [2] EPIC Hosts Event on Drones and Surveillance at National Press Club [3] EPIC Argues Cell Phone Privacy Case Before New Jersey Supreme Court [4] EPIC Defends Student Privacy in Federal Court [5] Sen. Leahy Sets Out Judiciary Committee Agenda for New Congress [6] News in Brief [7] EPIC in the News [8] EPIC Bookstore [9] Upcoming Conferences and Events TAKE ACTION: Support Europe v. Facebook! - LEARN about the Project: - DEMAND Your Facebook Data: - JOIN Forces with Europe v. Facebook: - SUPPORT EPIC: ======================================================================== [1] TSA to Pull 'Naked' Body Scanners from All US Airports ======================================================================== The Transportation Security Administration is ending the agency's contract with backscatter x-ray device manufacturer Rapiscan. As a result, all backscatter machines, which produce a detailed naked image of air travelers, will be removed from US airports. The backscatter x-ray scanners will be replaced by millimeter wave scanners, a less- intrusive but still controversial scanning technology. The Congressional "FAA Modernization and Reform Act of 2012"mandated that all body scanners be equipped with privacy-enhancing software by June 1, 2013. After granting itself a one-year extension, the TSA ended the contract for backscatter x-ray devices once it became obvious that Rapiscan could not add privacy-enhancing software in time to meet the Congressional deadline. Beginning in 2005, EPIC and a coalition of privacy advocates, scientists, legal experts and lawmakers urged the TSA not to deploy the devices. In 2010, before the backscatter devices were widely in use, EPIC and others petitioned DHS Secretary Napolitano to suspend the program pending a thorough review. In 2010, EPIC sued the Department of Homeland Security to force disclosure of technical documents about the body scanner program. The documents EPIC received revealed that DHS publicly mischaracterized the findings of the National Institute of Standards and Technology, stating that NIST had "affirmed the safety" of full body scanners. In fact, NIST never tested full-body scanners for safety. The European Union banned x-ray body scanners from European airports in 2011, citing both unreliability and potential health risks. In a subsequent EPIC lawsuit against DHS, the DC Circuit Court of Appeals determined that air travelers have a right to opt-out of the body-scanner screening and that the TSA must undertake a public notice and comment rulemaking on the scanners. The court has ordered the agency to begin the public comment process by March 2013. TSA: "Rapiscan Contract Terminated" (Jan. 18, 2013) The FAA Modernization and Reform Act of 2012 EU: Press Release on Body Scanners at EU Airports (Nov. 14, 2011) EPIC: 2nd Petition to DHS re: Body Scanners (July 2, 2010) EPIC et al.: 1st Petition to DHS re: Body Scanners (Apr. 21, 2010) EPIC et al.: Letter to DHS re: Body Scanners (May 31, 2009) EPIC: EPIC v. DHS (Suspension of Body Scanner Program) EPIC: EPIC v. DHS (Body Scanners) EPIC: EPIC v. DHS (Full Body Scanner Radiation Risks) EPIC: Body Scanners EPIC: Spotlight on Surveillance (Body Scanners) ========================================================================= [2] EPIC Hosts Event on Drones and Surveillance at National Press Club ========================================================================= EPIC hosted a January 17 symposium on "Drones and Domestic Surveillance," at the National Press Club in Washington, DC. The symposium brought together experts in law, technology, and public policy to discuss the expanding use of unmanned aerial vehicles, otherwise known as drones or UAVs, within US airspace. EPIC Executive Director Marc Rotenberg moderated the event, which featured a panel of legal and policy experts, including privacy scholars Laura Donohue and Orin Kerr, CATO fellow Julian Sanchez, EPIC Associate Litigation Counsel Amie Stepanovich, and Gretchen West of UAV industry group AUVSI. Security technologist and author Bruce Schneier spoke about the future of advanced drone technology, or when "today's expensive and rare becomes tomorrow's commonplace." Representative Ted Poe (R-TX) provided the event's keynote address. Poe announced his plans to introduce a bill, co-sponsored by Rep. Zoe Lofgren (D-CA), to protect citizen privacy against increased drone use. Previously, Poe had chaired a field hearing in Houston, TX, to explore the privacy implications of domestic drone use. In a prepared statement for the field hearing, EPIC noted that "widespread use of drone technology increases the potential for pervasive mass surveillance of the American public by law enforcement." In February 2012, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to establish privacy safeguards for drones. The petition called on the FAA to conduct a notice-and-comment rulemaking to address the impact of drone use on privacy and civil liberties in the US. EPIC also testified before Congress in 2012 on the risks of domestic drone use. Meanwhile, Rep. Ed Markey (D-MA) has introduced the "Drone Aircraft Privacy and Transparency Act". The bill calls on the FAA to complete a report on the privacy implications of US drones. The bill will also require drone operators to submit a data collection and data minimization statement regarding drones' collection of personally identifiable information. EPIC: Drones and Domestic Surveillance FAA: Letter to Congress on Privacy and Drone Use (Nov. 1, 2012) EPIC: Testimony before Congress on Privacy and Drones (Oct. 25 2012) EPIC: Petition to FAA (Feb. 24, 2012) Rep. Ted Poe (R-TX): Air Travelers' Bill of Rights Act of 2012 Rep. Ed Markey (D-MA): Drone Privacy and Transparency Act of 2012 EPIC: UAVs and Drones ======================================================================== [3] EPIC Argues Cell Phone Privacy Case Before New Jersey Supreme Court ======================================================================== The New Jersey Supreme Court heard oral arguments January 29 in State v. Earls, a criminal case centering around Fourth Amendment privacy rights in cell phone location information. The Court heard arguments from the State of New Jersey, the defense attorney, the New Jersey ACLU, and EPIC Appellate Advocacy Counsel Alan Butler. State v. Earls arises from an investigation into a 2006 string of New Jersey burglaries. Defendant Thomas Earls argued that his Fourth Amendment rights were violated when officers requested his location information from his cell phone provider without a warrant. The initial trial court found that Earls had a reasonable expectation of privacy in his location information, but that the search was justified under the "emergency aid" exception, and Earls was convicted. An appellate court upheld his conviction, but found that he had no reasonable expectation of privacy in his "generalized" location information revealed by his mobile provider. After the US Supreme Court's decision in US v. Jones, the Supreme Court of New Jersey decided to revisit the case. EPIC filed a "friend of the court" brief on behalf of Earls, arguing that location information reveals intimate details similar to the GPS data considered by the US Supreme Court in Jones. In response to an additional court request, EPIC filed a supplemental brief outlining the current state of location-tracking technology and arguing that, under federal and state constitutions, individuals have a reasonable expectation of privacy in modern cell phone location records. At the Jan. 29 oral argument, the court focused on the potential impact of imposing a warrant requirement for cell phone location data. The defense counsel argued that a warrant requirement would be consistent with the current practice of New Jersey investigators. According to the State's supplemental brief, roughly 90% of the location records used by New Jersey prosecutors in the second half of 2012 were obtained pursuant to a warrant. The State was unable to provide the court with more detailed information about the use of warrants to obtain location data before 2012. A final decision is expected by the end of this year. EPIC: State v. Earls EPIC: "Friend of the Court" Brief in State v. Earls NJ Supreme Court: Request for Supplemental Briefing (Nov. 21, 2012) EPIC: Supplemental Brief in State v. Earls (Dec. 20, 2012) EPIC: Locational Privacy EPIC: US v. Jones ======================================================================= [4] EPIC Defends Student Privacy in Federal Court ======================================================================= EPIC has filed a cross-motion for summary judgment with a Washington, DC, federal court, challenging changes to the Family Educational Rights and Privacy Act (FERPA). EPIC's brief argues that the US Department of Education is exceeding its legal authority by removing students' right to prohibit the disclosure of their personal information, and that the agency's new regulations are unreasonable and overstep the authority granted by Congress. The revised regulations, issued by the Education Department in 2011, allow the release of student records for non-academic purposes and undercut parental consent provisions. The regulations reinterpret statutory definitions in FERPA in order to provide non-governmental actors increased access to student personal data. The ED's changes also promote the public use of student IDs that enable access to private educational records, and which can be used to re-identify students. In 2011, EPIC submitted extensive comments to the agency, opposing the changes and arguing for the need to safeguard privacy. EPIC's comments stated that "the ED's proposals expand a number of FERPA's exemptions, reinterpreting the statutory terms 'authorized representative,' 'education program,' and 'directory information.' These proposals remove affirmative legal duties for state and local educational facilities to protect private student data." After the Education Department failed to make the requested changes, EPIC filed a lawsuit, further arguing that the revised regulations were not in accordance with the Privacy Act of 1974. The Department issued final regulations in December 2011 despite the its own admission that "numerous commenters . . . stated that they believe the Department lacks the statutory authority to promulgate the proposed regulations contained in the NPRM." EPIC is joined in the lawsuit by members of the EPIC Board of Directors and Advisory Board Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel. EPIC: Cross-Motion for Summary Judgment in EPIC v. ED (Jan. 18, 2013) Education Dept.: Final Regulations on Education Privacy (Dec. 2, 2011) EPIC: Comments on Dept. of Ed. Proposed Rulemaking (May 23, 2011) EPIC: EPIC v. US Department of Education EPIC: Student Privacy EPIC: Re-Identification ======================================================================== [5] Sen. Leahy Sets Out Judiciary Committee Agenda for New Congress ======================================================================== At a January 16 speech at Georgetown University, Sen. Patrick Leahy (D-VT), Chair of the US Senate Judiciary Committee, laid out the Judiciary Committee's agenda for the 113th Congress. Leahy vowed to commit the Committee to addressing "out most fundamental rights, and our most basic freedoms." According to Sen. Leahy, the Committee's agenda includes updates to key legislation, including laws on email privacy and cybersecurity. In 2012, Leahy introduced provisions to update the Electronic Communications Privacy Act, the law that establishes when a warrant is required for law enforcement to gain access to individual email, and which he originally sponsored in 1986. To date, ECPA has not been updated; proposed updates passed the Senate in 2012, but were struck down in the House. In his speech, Leahy explained that the Judiciary Committee would also address the need for oversight of US counterterrorism programs and the privacy issues involved with the growing use of domestic surveillance drones. In 2012, EPIC and a coalition of experts and organizations petitioned the Federal Aviation Administration to develop regulations aimed at protecting individuals from increased drone surveillance. Finally, Sen. Leahy emphasized the importance of open government as an American value, promising to "continue to fight for transparency that keeps the government accountable to the people." Leahy has been a long- time champion for open government, and previously introduced the "Faster FOIA" Act to increase the rate at which government agencies respond to Freedom of Information Act requests. Sen. Patrick Leahy: Judiciary Committee Agenda for 113th Congress EPIC: Electronic Communications Privacy Act EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. EPIC: Open Government ======================================================================== [6] News in Brief ======================================================================== EPIC Gives 2013 Privacy Champion Award to Austrian Privacy Advocate EPIC has given the 2013 International Privacy Champion Award to Austrian law student Max Schrems, the organizer of Europe v. Facebook. EPIC called Schrems "an innovative and effective spokesperson for the right to privacy." EPIC cited Schrems' work in obtaining Facebook's collection of his personal information, which has inspired more than 40,000 users worldwide to make similar access requests, thus helping to ensure greater transparency of Internet companies. Previous international award recipients include Canadian Privacy Commissioner Jennifer Stoddart, European Parliamentarian Sophie In't Veld, Australian jurist Michael Kirby, and Constitutional Law Scholar Stefano Rodota. The award is given by EPIC annually in recognition of International Privacy Day, January 28. Europe v. Facebook EPIC: International Privacy Day EPIC: International Privacy Standards Report Highlights Legal Questions Implicated by Domestic Drone Use A new report from the Congressional Research Service -"Integration of Drones into Domestic Airspace: Selected Legal Issues" - states that "perhaps the most contentious issue concerning the introduction of drones into U.S. airspace is the threat that this technology will be used to spy on American citizens." Last year, EPIC warned Congress that "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies." EPIC, joined by over 100 organizations, experts, and members of the public, has petitioned the Federal Aviation Administration to begin a rulemaking to establish privacy safeguards. Congressional Research Service: Report on Drones (Jan. 30, 2013) EPIC: Congressional Testimony on Drones in US (Jul. 12, 2012) EPIC: Petition to FAA on Drones (Mar. 8, 2012) EPIC: Unmanned Aerial Vehicles (UAVs) and Drones New Study Finds Limits in Deidentification of DNA Samples A recent paper published in Science Magazine reveals that deidentified DNA sequences collected for research purposes can be used to identify subjects under certain circumstances. According to the article, the information posted by the 1,000 Genomes Project - age, state of residence, and full DNA sequence - used in combination with publicly available genealogy data was sufficient to narrow the search to a few likely individuals. A Science Policy Forum article in the same issue concludes that this genetic triangulation "reveals the need to re- examine the current paradigms for managing the potential identifiability of genomic and other 'omic'-type data." The President's Commission for the Study of Bioethical Issues recently reviewed the ethical and privacy implications of the use and collection of genetic data. In February, the Supreme Court is set to hear Maryland v. King, a case involving the warrantless collection and use of genetic information. Science: Paper on Genome Reidentification (Jan. 18, 2013) Science: "The Complexities of Genomic Identifiability" (Jan 18, 2013) 1,000 Genomes Project President's Commission for the Study of Bioethical Issues EPIC: Maryland v. King EPIC: Genetic Privacy TSA Resurrects Use of Commercial Data for Passenger Screening The TSA is reconsidering the use of commercial data to screen passengers, a controversial practice that was previously blocked by the federal government. In 2006 Congress suspended funding for Secure Flight, a program that relied on the use of commercial data, after EPIC, the General Accounting Office, and others identified security and privacy vulnerabilities, including the fact that "Individuals will have no judicially enforceable right to access information about them contained in the system, nor to request correction of information that is inaccurate, irrelevant, untimely or incomplete." TSA's current effort also comes as the Federal Trade Commission is studying the practices of the data broker industry. NextGov: Article on TSA Screening (Jan. 16, 2013) EPIC: Comments to DHS on Secure Flight (2004) GAO: Testimony before Congress on Secure Flight (2006) FTC: Press Release on Data Broker Investigation (Dec. 18, 2012) EPIC: Secure Flight EPIC: Passenger Profiling Survey Names Top 10 Most Trusted Companies for Privacy Privacy research center The Ponemon Institute has released the 2012 edition of the "Most Trusted Companies for Privacy," an annual report listing the companies that consumers trust the most with respect to the handling of their personal data. Out of 217 organizations rated, American Express ranked as the most trusted; others included Amazon, eBay, and IBM. In general, consumers rated companies in the healthcare and banking industries higher than social media companies and charities. The report also found that "the importance of privacy has steadily trended upward over seven years." The rankings were generated from a final sample of 6,704 respondents. Ponemon: "2012 Most Trusted Companies for Privacy" (Jan. 28, 2013) Ponemon Institute EPIC: Public Opinion on Privacy ======================================================================= [7] EPIC in the News ======================================================================= "NJ Supreme Court weighs privacy rights of cell phone users.", Jan. 29, 2013. "Clicking 'like' on Facebook can lead to having personal info collected." ABC Action News Tampa, Jan. 29, 2013. "Drive-by Scanning: Officials Expand Use and Dose of Radiation for Security Screening." ProPublica, Jan 29, 2013. "Obama campaign gives database of millions of supporters to new advocacy group." MSN, Jan. 28, 2013. "Cord blood bank agrees to improve data security after lapse." Reuters, Jan. 28, 2013. "Air travel gets a lot more modest." BBC, Jan. 25, 2013. "If you've ever wanted to evade overhead surveillance drones -- and, of course, look stylish while." The Washington Times, Jan. 23, 2013. "A Farewell to 'Nudity' at Airport Checkpoints." The New York Times, Jan. 21, 2013. "TSA removing 'virtual strip search' body scanners." CNN, Jan. 19, 2013. "Controversial full-body scanners to be removed from airports." Los Angeles Times, Jan. 18, 2013. "TSA pulls the plug on 'naked' X-ray scanners after maker fails to guarantee privacy." The Verge, Jan. 18, 2013. "Naked-Image Scanners to Be Removed From U.S. Airports." Bloomberg News, Jan. 18, 2013. "Facebook search may take time to catch on." The Oakland Tribune, Jan. 17, 2013. "Obscurity: A Better Way to Think About Your Data Than 'Privacy'." The Atlantic, Jan. 17, 2013. "Facebook introduces new search tool." Los Angeles Times, Jan. 16, 2013. "US plans to increase drone missions in the country." (Video) Press TV, Jan. 16, 2013. "Laws urged to curb snooping by drones." The Washington Times, Jan. 9, 2013. "Swartz death immortalizes hacking law woes." USA Today, Jan. 15, 2012. For More EPIC in the News: ======================================================================== [8] EPIC Bookstore ======================================================================== "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "The New Frontier: Policy & Politics in the Age of the Internet." 22 February, Washington, DC. For More Information: "IDP13 in OKC." 23 February 2013, Oklahoma City, OK. For More Information: " Hands on the Future in the Classroom." SXSW, 6 March 2013, Austin, TX. For More Information: "Online Privacy: Consenting to your Future." 21-22 March 2013, Portomaso, Malta. For More Information: EPIC Champion of Freedom Awards Dinner. 3 June 2013, Washington, DC. For More Information: 22nd Annual Computers, Freedom, & Privacy Conference. 25-26 June 2013, Washington, DC. For More Information: Contact Chris Calabrese at ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 20.02-----------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback