EPIC Alert 21.10
E P I C A l e r t
Volume 21.10 May 30, 2014
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC Freedom Awards to Allen, Amash, The Guardian, Snowden
 House Adopts Weakened NSA Reform Bill
 EPIC Testifies on Student
Privacy Before CA State Assembly
 FTC Report on Data Brokers Fails to Address Privacy Concerns
 Sprint Pays FCC a Record $7.5M
for Violating 'Do Not Call'
 News in Brief
 EPIC in the News
 EPIC Bookstore
 Upcoming Conferences and Events
THE DATE: June 2, 2014.
EPIC's 2014 Champions of Freedom Dinner, hosted by Bruce Schneier.
TAKE ACTION: Reset the Net!
SIGN the Pledge Against Net Surveillance: https://www.resetthenet.org/
WATCH the Video: https://www.youtube.com/watch?v=qKk8MHFLNNE
LEARN about Privacy Tools: http://epic.org/privacy/tools.html
SUPPORT EPIC: http://epic.org/support
 EPIC Freedom Awards to Allen, Amash, The Guardian,
On June 2 the Electronic Privacy Information Center
will celebrate 20
years of privacy advocacy with the 2014 EPIC Champions of Freedom
Established in 1994, EPIC was created
to focus public attention on
emerging privacy issues. EPIC maintains two of the most popular privacy
websites in the world - epic.org
and privacy.org - and pursues policy
research, litigation, public education, and advocacy. EPIC's Advisory
Board includes leading
experts in law, technology and public policy.
EPIC established the Champion of Freedom Awards to recognize
individuals and organizations
that safeguard the right to privacy with
courage and integrity. Internationally renowned security technologist
will host the 2014 EPIC celebration.
EPIC will honor University of Pennsylvania Law Professor Anita L.
Allen for her work as the
nation's leading privacy law scholar. A
longtime EPIC Advisory Board member, Professor Allen has helped shape
the modern understanding
of the right to privacy.
EPIC will honor Congressman Justin Amash (R-MI) for his campaign to
defund the NSA's telephone record
EPIC will recognize The Guardian newspaper for publishing documents
obtained by Edward Snowden that provided
the basis for EPIC's petition
to the US Supreme Court to end the bulk collection of Americans'
will also receive an award from EPIC for disclosing the
secret court that documented the unlawful surveillance of Americans and
for transforming the debate about privacy protection.
"EPIC is honored to recognize these Champions of Freedom who have
to safeguard privacy, some at great personal risk," said Marc
Rotenberg, EPIC's President and Executive Director.
of the Champion of Freedom Award include Senators
Rand Paul (R-KY) and Ron Wyden (D-OR), and journalist Martha Mendoza
Senator Al Franken (D-MN), Judge Alex Kozinski of the 9th
Circuit, and journalists Dana Priest and William Arkin (2012);
Jason Chaffetz (R-UT) and Rush Holt (D-NJ), former
Miss USA Susie Castillo, and the Wall Street Journal (2011);
Joe Barton (R-TX), former FTC Commissioner Pamela
Jones Harbour, and the Rose Foundation (2010); Senator Ed Markey
D.J. Caruso, philanthropist Addison Fischer, and
attorney Paul M. Smith (2009); and Senator Patrick Leahy (D-VT) (2004).
has previously presented the Lifetime Achievement award to David
Flaherty (2013), Whitfield Diffie (2012), and Willis Ware (2012).
EPIC: 2014 Champion of Freedom Awards
EPIC: Advisory Board
Professor Anita Allen
Rep. Justin Amash (R-MI)
The Guardian Newspaper
EPIC: 2013 Champion of Freedom Awards
EPIC: 2012 Champion of Freedom Awards
EPIC: 2011 Champion of Freedom Awards
 House Adopts Weakened NSA Reform Bill
The US House of Representatives has voted to adopt a modified "USA
FREEDOM" Act, an NSA reform bill. The revised Act no longer
bulk collection of communications records and weakens transparency
The House's modifications include
a definition of "specific selection
term" that allows the continued bulk collection of Americans' data,
and removing a provision
that would have allowed companies to publish
the rough number of court orders they received for the PRISM
The House bill also removes the US Attorney
General's ability to review significant FISA court rulings for
those decisions in the hands of the Director
of National Intelligence.
Because of such last-minute revisions to the House bill,
a number of
civil liberties and human rights organizations that initially supported
it withdrew their backing. A coalition of US
tech companies similarly
withdrew support, calling the expanded definition of "specific
selection term" an "unacceptable loophole
that could enable the bulk
collection of internet users' data." Senator Patrick Leahy (D-VT)
announced that the bill is "an important
step towards reforming"
surveillance authorities, but expressed disappointment that the current
version "does not include some
of the meaningful reforms contained in
the original." Senator Mark Udall (D-CO) expressed disappointment with
the House bill, stating,
"The NSA has shown it will seize upon any
'wiggle room' in the law, and there is plenty of wiggle room in the
The USA FREEDOM Act will be considered next
by the Senate Judiciary Committee.
In 2013, EPIC filed a petition with the US Supreme
Court, alleging that
the bulk collection of telephone record was unlawful. The EPIC petition
was supported by dozens of legal scholars
and former members of the
Church Committee. EPIC also testified before the House in 2012 that the
FISA should not be renewed without
adoption of new, more robust, public
reporting requirements and oversight procedures.
US House: Final Vote on USA FREEDOM Act
(May 22, 2014)
US Congress: Text of USA FREEDOM Act (HR 3361)
Sen. P. Leahy (D-VT): Comments on House Version of Act (May 22, 2014)
Sen. M. Udall (D-CO): Comments on House Version of Act (May 22, 2014)
EPIC: Testimony on FISA Amendments Act of 2008 (May 31, 2012)
EPIC: In re EPIC - NSA Telephone Records Surveillance
EPIC: FISA Reform
 EPIC Testifies on Student Privacy Before CA State
EPIC's Student Privacy Project Director Khaliah
Barnes testified May 14
before the California State Assembly Education Committee and Select
Committee on Privacy on "Ensuring Student
Privacy in the Digital Age."
EPIC's testimony (1) explained how the US Education Department's
regulations encourage mass collection
of student data; (2) described
the privacy risks facing today's students; (3) underscored the need for
data security safeguards
for states, schools, and private companies
that access student information; and (4) recommended that California
adopt EPIC's Student
Privacy Bill of Rights, a student privacy and data
protection framework based on the Fair Information Practices.
joined several other states that have introduced
student privacy legislation in the wake of Department of Education
that significantly weakened the Family Educational Rights
and Privacy Act, a federal student privacy law. Pursuant to Education
Department regulations, private companies and government agencies
outside of academia have gained access to sensitive student records.
EPIC's testimony stressed that to protect student privacy, California
should adopt the Student Privacy Bill of Rights.
is also considering student privacy legislation. Senators
Edward Markey (D-MA) and Orrin Hatch (R-UT) have proposed a "Protecting
Student Privacy Act." The draft bill "(1) requires that data security
safeguards be put in place to protect sensitive student data
held by private companies; (2) prohibits the use of students'
personally identifiable information to advertise or market
a product or
service; (3) provides parents with the right to access the personal
information about their children - and amend that
incorrect — that is held by private companies just as they would if
the data were held by the school itself;
(4) makes transparent the name
of companies that have access to student information by directing
school districts to maintain a
record of all outside companies with
which the school contracts; (5) minimizes the amount of personally
that is transferred from schools to private
companies; [and] (6) ensures private companies cannot maintain dossiers
in perpetuity by requiring the companies to later delete
personally identifiable information." The legislation highlights many
of the same protections EPIC has endorsed in the Student Privacy Bill
In 2013, EPIC filed an extensive complaint with
the Federal Trade
Commission over the business practices of Scholarships.com, a website
that encourages students to divulge sensitive
medical, sexual, and
religious data in order to obtain financial aid information. Following
EPIC's complaint, the company improved
website security. Previously,
EPIC sued the Department of Education to block changes to the student
privacy law that made it possible
to disclose studentdata to third
EPIC: 'Ensuring Student Privacy in the Digital Age' (May 14, 2014)
Washington Post: EPIC Opinion Piece on Student Privacy (Mar. 6, 2014)
CA State Senate: Text of Student Privacy Act (Feb. 20, 2014)
FL State Senate: Student Privacy Act (May 12, 2014)
EPIC: EPIC v. U.S. Department of Education
Sen. Ed Markey (D-MA): Press Release on Student Privacy (May 14, 2014)
EPIC: FTC Complaint re: Scholarships.com (Dec. 12, 2013)
EPIC: Student Privacy
 FTC Report on Data Brokers Fails to Address Privacy
The Federal Trade Commission has published a
report, "Data Brokers: A
Call for Transparency and Accountability." The report enumerates the
extensive collection of personal
information about American consumers
that is widely sold in the private sector. The FTC report recommends
only modest legislative
changes, including transparency and
accountability laws specific to each of the report's three identified
categories of data-broker
"products": "marketing," "risk mitigation,"
and "people search."
The Commission's report similarly failed to address many consumer
issues, including consumer profiling and "scoring." Similarly, the FTC
made no mention of the Consumer Privacy Bill of
Rights or the Fair
Information Practices, the set of privacy and accountability practices
on which the CPBR is based. Commissioner
Julie Brill went so far as to
issue a separate statement calling for more substantial consumer
safeguards. Specifically, Brill
highlighted data brokers' ability to
discriminate against certain consumers, noting "that data that closely
follow categories that
are not permissible grounds for treating
consumers differently in a broad array of commercial transactions will
be used in exactly
The Commission report also failed to discuss the significance of
existing proposed data broker legislation, such as
The Data Broker
Accountability and Transparency Act of 2014, or DATA, Act, introduced
by Senators Jay Rockefeller (D-WV) and Ed
Markey (D-MA), which imposes
transparency and accountability requirements on data brokers and other
companies that profit from
the collection and sale of consumer
information. Under the Act, data brokers would be required to establish
websites to inform
and update consumers and be prohibited from
soliciting or collecting consumer data under false pretenses; consumers
would be able
to access their personal information, make corrections,
and opt out of marketing schemes; and the FTC would be empowered to
civil penalties on violators.
In 2005, EPIC testified before the House Commerce Committee on
"Identity Theft and Data Broker Services."
EPIC emphasized to Congress
"the extraordinary urgency of addressing the unregulated sale of
personal information in the United
States and how the data broker
industry is contributing to the growing risk of identity theft in the
United States." EPIC Executive
Director Marc Rotenberg urged Congress
to establish comprehensive regulation of the data broker industry
following the disclosure
that data-broker ChoicePoint was selling
personal information to criminals engaged in identity theft. "[T]here
is no meaningful
way that market-based solutions can protect the
privacy of American consumers when consumers have no direct dealings
with the companies
that collect and sell their personal information,"
Rotenberg stated. "There is too much secrecy, too little accountability,
too much risk of far-reaching economic damage."
FTC: "A Call for Transparency and Accountability" (May 2014)
FTC: Julie Brill Statement on Data Broker Report (May 27, 2014)
FTC: Data Broker Report Press Release (May 27, 2014)
FTC: Data Broker Investigation Press Release (Dec. 18, 2012)
Sens. Markey and Rockefeller: DATA Act of 2014 (Feb. 12, 2014)
EPIC: Testimony before US House on Data Brokers (May 5, 2009)
EPIC: Congressional Testimony on Data Brokers and ID Theft (May 2005)
EPIC: Online Consumer Profiling
EPIC: Federal Trade Commission
 Sprint Pays FCC a Record $7.5M for Violating 'Do
Sprint has reached a $7.5 million settlement
with the Federal
Communications Commission for violations of the "Do Not Call" national
registry, the FCC's largest Do Not Call
According to the FCC, Sprint failed to honor customer requests to opt
out of phone and text communications. The
settlement follows a 2011
consent decree between Sprint and the FCC, which also arose out of
complaints from Do Not Call registrants,
for which Sprint had to pay
$400,000. Under the terms of the current settlement, Sprint must, in
addition to the fine:
and implement a "robust compliance plan" with a
designated Compliance Officer
* Develop company-specific operating procedures
and policies for Do
* Implement an employee training program on how to comply with
consumer Do Not Call
* Report any noncompliance to the FCC
* File both an initial 90-day and annual compliance reports.
EPIC has promoted the establishment and enforcement of the
Telephone Consumer Protection Act. In 2002, EPIC and 10 leading
groups filed comments with both the FCC and the Federal Trade
Commission, advocating the creation of the Do Not Call Registry. EPIC
has also recommended that Congress establish a National Do Not Track
registry for online consumers.
FCC: Press Release on Sprint
Settlement (May 19, 2014)
FCC: Text of Sprint Settlement (May 19, 2014)
FTC: Do Not Call Registry Page
FCC: Text of 2011 Sprint Consent Decree (May 2011)
EPIC: Telemarketing and the Telephone Consumer Protection Act (TCPA)
EPIC et al.: Letter to FCC/FTC on TCPA (Dec. 9, 2002)
EPIC: Statement Before US House on Do Not Track (Dec. 2, 2010)
EPIC: Do Not Call Registry Timeline
EPIC: Illegal Sale of Phone Records
EPIC: NCTA v. FCC
EPIC: Illegal Sale of Phone Records
EPIC: Federal Trade Commission
 News in Brief
DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret
According to the DHS, the agency received 964 privacy complaints
September 1, 2013 and November 30, 2013. By comparison, DHS received
295 privacy complaints during the same period in 2011.
According to the
report, most DHS systems comply with Privacy Act notice requirements.
However, the report also indicates that
the DHS maintains many databases
with personally identifiable information that lack required Privacy Act
Report to Congress (Apr. 2014)
DHS: Quarterly Report to Congress (Mar. 2012)
EPIC: DHS Chief Privacy Office and Privacy
Consumer Reports: 85% of Shoppers Oppose Internet Ad Tracking
According to a recent study by Consumer Reports, consumers
overwhelmingly object to having their online activities tracked for
advertising purposes. The report found that 85% of consumers
not trade even anonymized personal data for targeted ads. Additionally,
76% of consumers said that targeted advertising adds
"little or no
value" to their shopping activities.
Consumer Reports: Study on Consumers and Data Brokers (May 27, 2014)
EPIC: Public Opinion on Privacy
EPIC: Privacy and Consumer Profiling
EPIC: Online Tracking and Behavioral Profiling
EPIC: Practical Privacy Tools
Google Plans Advertising on Appliances, Including Nest Thermostat
In a letter to the US Securities and Exchange Commission,
announced plans to place targeted ads on Google-controlled appliances.
"A few years from now, we and other companies could
be serving ads and
other content on refrigerators, car dashboards, thermostats, glasses,
and watches, to name just a few possibilities,"
Google wrote. The
proposal raises significant privacy concerns for the "Internet of
Things." Earlier in 2014, EPIC warned the FTC
acquisition of Nest Labs, maker of a smart thermostat, stating, "Google
regularly collapses the privacy policies
of the companies it acquires."
Nevertheless, the Commission approved Google's acquisition without
to SEC re: Advertising (Jan. 29, 2013)
EPIC: Comments to FTC on 'Internet of Things' (June 1, 2013)
EPIC: Complaint to FTC re: Google's Acquisition of Nest (Mar. 21, 2014)
Google: Press Release on Acquisition of Nest Labs (Jan. 13, 2014)
FTC: Announcement of Approval in Google/Nest Deal (Feb. 4, 2014)
EPIC: In re: WhatsApp
Press Groups Challenge Ban on Commercial Drones
More than a dozen news media organizations have filed a "friend of the
court" brief opposing the Federal Aviation Administration's ban on
commercial drones. The ban was suspended earlier in 2014 by
administrative judge. The news organizations argue that the ban
violates the media's First Amendment right of the press; however,
rule concerns public safety rather than the content of speech or the
identity of the speaker. In 2012, EPIC, joined by over
organizations, petitioned the Federal Administration Agency to address
the privacy issues raised by drones and in 2013 the
Agency agreed to do
so. In response to the FAA's 2013 request for public comments in 2013,
EPIC urged the Federal Aviation Administration
to mandate minimum
privacy standards for drone operators.
Media Coalition: "Friend of the Court" Brief re: Drones (May 6, 2014)
NTSB: Suspension of Drone Ban (Mar. 6, 2014)
EPIC et al.: Petition to FAA re: Drone Privacy (Mar. 8, 2012)
EPIC: Letter from FAA re Drone Privacy (Feb. 14, 2013)
EPIC: Comments to FAA re: Drone Privacy (Apr. 23, 2013)
EPIC: Domestic Drones
 EPIC in the News
"Computer Programs Are People, Too." The Nation, May 29, 2014.
"FTC report urges curbs on data brokers, transparency for consumers."
The Seattle Times, May 28, 2014.
"New Curbs Sought on the Personal Data Industry." The New York Times,
May 27, 2014.
"85% of online consumers oppose Internet ad tracking, Consumer Reports
finds." Consumer Reports, May 27, 2014.
"Can Student Data Improve Learning Without Compromising Privacy?"
Government Technology, May 27, 2014.
"Include the Public in the Debate." Opinion by EPIC Adminstrative Law
Counsel Khaliah Barnes. The New York Times, May 26, 2014.
"'Smart pills' with chips, cameras and robotic parts raise legal,
ethical questions." The Washington Post, May 24, 2014.
"Missouri lawmakers back electronic privacy efforts." Jefferson City
News Observer, May 24, 2014.
"Some Privacy, Please? Facebook, Under Pressure, Gets the Message."
The New York Times, May 22, 2014.
"What's Really At Stake? Untangling the Big Issues Around Student
Data." KQED's Mind/Shift, May 22, 2014.
"Hackers target millions of eBay users." Euro News, May 22, 2014.
"Google Could Soon Put Ads Almost Everywhere;Even on Your Face." Fast
Company, May 21, 2014.
"Assange targeted by FBI probe, US court documents reveal." The
Sydney Morning Herald, May 20, 2014.
"What you really agree to when you click 'accept'." CNN Money, May
"California finds 'right to privacy' for anonymous online commenters."
Reuters, May 16, 2014.
"Breaking down the White House big data and privacy report."
CNN Money, May 16, 2014.
"Europe court ruling reboots Web privacy rules for Google, others."
Los Angeles Times, May 14, 2014.
For More EPIC in the News: http://epic.org/news/epic_in_news.html
 EPIC Bookstore
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
S. Zaid (EPIC 2010). Price: $75.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy
Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video
Voyeurism Prevention Act, and the
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore: http://www.epic.org/bookstore
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
Fourth Annual International Summit on the Future of Health Privacy.
Washington, DC, June 4-5, 2014. For More Information:
Computers, Freedom & Privacy. Warrenton, VA, June 8-10, 2014.
For More Information: http://cfp.org/2014.
Italian Parliament: "Toward an Internet Bill of Rights." Speaker:
EPIC President Marc Rotenberg. Rome, June 16, 2014. For More
OECD: "Internet Policy and Governance." Speaker: EPIC President Marc
Rotenberg. Paris, June 20, 2014.
IEEE Presents "Reintroducing
Norbert Wiener in the 21st Century."
Boston, 24-26 June 2014. For More Information:
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718
Connecticut Ave. NW, Suite
200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Subscribe/unsubscribe via web interface:
Back issues are available at: http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 21.10------------------------