
EPIC Alert 21.22 [2014] EPICAlert 23

=======================================================================
E P I C   A l e r t
=======================================================================
Volume 21.22                                          November 26, 2014
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, DC

"Defend Privacy. Support EPIC."

=======================================================================
Table of Contents
=======================================================================
[1] Senate Republicans Block US Surveillance Reform
[2] EPIC Seeks Reports on FISA Court Decisions
[3] Senate Committee Endorses FOIA Improvements Act
[4] FTC Fines Privacy Certification Company TRUSTe
[5] Report Reveals Homeland Security Misplaced 12,000 FOIA Requests
[6] News in Brief
[7] EPIC in the News
[8] EPIC Bookstore
[9] Upcoming Conferences and Events

TAKE ACTION: Rock the Freedom of Information Act with FOIA.ROCKS!

VISIT EPIC's New FOIA Domain:
TWEET in Support of FOIA: #FOIAat40
LEARN about EPIC's FOIA Work:
SUPPORT EPIC:

=======================================================================
[1] Senate Republicans Block US Surveillance Reform
=======================================================================

An effort to pass the USA FREEDOM Act, led by Senator Patrick Leahy (D-VT), failed on a narrow 58-42 procedural vote November 18. Senator Leahy, in a press release following the vote, stated he was disappointed in the bill's defeat but added, "the broad coalition we have built in favor of the USA FREEDOM Act shows that we are gaining ground."

The USA FREEDOM Act, whose stated purpose was to "reform the authorities of the Federal Government to require the production of certain business records, conduct electronic surveillance, use pen registers and trap and trace devices, and use other forms of information gathering for foreign intelligence, counterterrorism, and criminal purposes, and for other purposes," would have ended the NSA's bulk collection of US telephone records as well as improved oversight and accountability of the Foreign Intelligence Surveillance Act. The bill also would have required the appointment of special advocates to argue before the FISA Court, advocating interpretations of the law that protect privacy and civil liberty interests.

In 2013, EPIC petitioned the US Supreme Court to suspend the bulk collection of Americans' telephone records, arguing that the Foreign Intelligence Surveillance Court exceeded statutory authority when it authorized the NSA to collect those records. EPIC's petition was supported by dozens of legal scholars and former members of the Church Committee.

In 2012, EPIC testified before Congress in support of increased transparency and reporting of government FISA activity, and recommended that the Foreign Intelligence Surveillance Court's decisions be made public. In particular, EPIC urged the publication of an annual FISA report, similar to the comprehensive Wiretap Reports provided each year by the Administrative Office of the US Courts, to ensure effective public oversight of FISA authority. "Before renewing the Act," EPIC said, "we urge the committee to carefully assess these new procedures and to strengthen the oversight mechanisms by (1) improving public reporting requirements, and (2) strengthening the authority of the FISA Court to review the government's use of FISA authorities."

Sen. Patrick Leahy (D-VT) Press Release on Senate Vote (Nov.
18, 2014)
GPO: Text of USA FREEDOM Act, as Passed by US House (May 22, 2014)
EPIC: In re EPIC Petition (July 8, 2013)
EPIC: Statement before House on FISA Amendments (May 31, 2012)
EPIC: Foreign Intelligence Surveillance Act Reform
EPIC: In re EPIC

=======================================================================
[2] EPIC Seeks Reports on FISA Court Decisions
=======================================================================

EPIC has filed a Motion for Summary Judgment in a Freedom of Information Act lawsuit against the Department of Justice, arguing that the agency improperly withheld records sought by EPIC. The lawsuit stems from EPIC's 2013 FOIA request for semiannual reports on the NSA's use of pen registers and trap and trace devices. The Justice Department determined that EPIC's FOIA request qualified for expedited processing but failed to process the request in the 20 days required by law. EPIC responded by filing a lawsuit for the documents.

The US Attorney General is required to provide semiannual reports to the House and Senate Intelligence Committees. These reports list significant FISA Court decisions and include the total number of FISA applications filed by the government as well as the number of US persons targeted for surveillance. Similar reports are also made available to the public.

EPIC's lawsuit argues that the Justice Department reports should be disclosed because they describe topics of "utmost importance to the public and are necessary to inform the ongoing debate over current surveillance authorities." EPIC also contends that the Department failed to establish that the documents could be withheld under FOIA exemptions pertaining to law enforcement purposes and national security information.

EPIC maintains a summary of all the annual FISA statistics published by the Attorney General. The most recent annual FISA report shows that in 2013, there were 1,588 requests to conduct FISA surveillance, with 34 modifications.
The FISA Court also granted 178 business record orders under Section 215, with 141 modified by the court.

EPIC: EPIC v. DOJ: EPIC Summary Judgment Motion (Nov. 21, 2014)
EPIC: FOIA Request to DOJ (Oct. 3, 2013)
EPIC: EPIC v. DOJ - Pen Register Records
EPIC: FISA Court Orders
EPIC: Foreign Intelligence Surveillance Act (FISA)
EPIC: FOIA Cases

=======================================================================
[3] Senate Committee Endorses FOIA Improvements Act
=======================================================================

A bill to improve the Freedom of Information Act has passed unanimously from the US Senate Judiciary Committee. The FOIA Improvement Act, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), will strengthen the Office of Government Information Services and require new reporting on the use of exemptions and audits of agency FOIA processes.

The bill codifies the presumption of openness; requires that agencies must demonstrate a foreseeable harm in order to withhold information; and closes a loophole that allows agencies to charge fees to requesters regardless of how long the agency delays processing a request. The House of Representatives has already passed similar legislation.

EPIC called for many of these reforms in an October 2014 letter to President Obama. EPIC and a coalition of open government advocates urged the President to honor his commitment to an "unprecedented level of openness" in his administration by pushing Congress to update the Freedom of Information Act.

The coalition identified six core ways the FOIA should be updated:

(1) Codify a presumption of disclosure;
(2) Require agencies seeking to withhold to show foreseeable harm;
(3) Require agencies to weigh the public interest when withholding under Exemption 5;
(4) Exclude from Exemption 5 records older than 25 years;
(5) Waive fees when agencies miss statutory deadlines; and
(6) Expand the role of OGIS.

Sen.
Leahy: Press Release on FOIA Improvements Act (Nov. 20, 2014)
US Senate: Text of FOIA Improvements Act (Jun. 24, 2014)
EPIC et al.: Coalition Letter to President Obama (Oct. 23, 2014)
The White House: Memorandum on Transparency and Open Government (2009)
EPIC: Open Government
EPIC: EPIC FOIA Cases
FOIA.ROCKS

=======================================================================
[4] FTC Fines Privacy Certification Company TRUSTe
=======================================================================

The Federal Trade Commission has settled a consent agreement with TRUSTe, a company that provides privacy certifications for online businesses, including children's privacy and the US-EU Safe Harbor program, after charging that TRUSTe deceived consumers with the company's privacy seal program. TRUSTe performs privacy compliance assessments for websites, and provides a set of icons for websites to display. By displaying TRUSTe icons, websites convey to users that they comply with various privacy requirements.

The FTC brought the charges under Section 5 of the FTC Act, which allows the Commission to prohibit "unfair or deceptive" trade practices. The FTC charged TRUSTe with failure to conduct re-certifications for companies that displayed privacy seals, although TRUSTe's website states that it conducts annual re-certifications. "TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge," stated FTC Chairwoman Edith Ramirez.

Under the consent agreement, TRUSTe is prohibited from misrepresenting business practices to consumers, must pay a $200,000 fine, and must submit a detailed filing to the FTC every year describing its COPPA recertification process.

The Federal Trade Commission has also investigated a number of companies displaying Safe Harbor or other privacy seals without renewing their certifications.
The Safe Harbor Framework, coordinated by the Department of Commerce, is an industry-developed, self-regulatory approach to privacy compliance that allows firms to self-certify privacy policies. In February 2014, the FTC settled charges with 12 companies for failure to renew their Safe Harbor privacy certifications while continuing to post the Safe Harbor icon on their websites.

EPIC subsequently submitted comments to the FTC regarding the proposed settlement agreements. The comments highlighted the weaknesses in Safe Harbor oversight, and urged the FTC to prioritize Safe Harbor enforcement and to broaden the scope of the consent orders by requiring the companies to comply with the Consumer Privacy Bill of Rights. EPIC also requested that the FTC make public the companies' annual compliance reports.

FTC: TRUSTe Settlement Press Release (Nov. 17, 2014)
FTC: Consent Agreement with TRUSTe (Nov. 17, 2014)
FTC: TRUSTe Complaint (Nov. 17, 2014)
TRUSTe US-EU Safe Harbor
EPIC: FTC Safe Harbor Comments (Feb. 20, 2014)
EPIC: Federal Trade Commission

=======================================================================
[5] Report Reveals Homeland Security Misplaced 12,000 FOIA Requests
=======================================================================

A new Government Accountability Office report details the Department of Homeland Security's massive mishandling of Freedom of Information Act (FOIA) requests. According to the GAO report, Customs and Border Protection, a component of DHS, "experienced a large increase in the number of its backlogged requests from fiscal year 2011 through fiscal year 2013—from 4,356 requests to 37,848 requests."

The GAO found that the increase in backlogged requests was attributable to two problems: "First, approximately 11,000 FOIA cases that were improperly closed in 2012 had to be reopened and reprocessed.
Second, after its reorganization, a new manager found a stack of boxes containing 12,000 paper requests from 2012 that had never been entered into their processing system," the report said.

In October, EPIC, joined by a coalition of open government organizations, wrote to the Office of Government Information Services, urging it to investigate federal agencies for improperly closing FOIA requests. EPIC's letter describes a FOIA request to the TSA to which the agency failed to respond for four years. When the TSA finally responded, it informed EPIC that the request would be administratively closed unless EPIC communicated to the agency that it was still interested in the matter.

According to EPIC's letter, "The agency cited no statutory basis for closing the request, nor did it advise EPIC of any appeal rights regarding this decision . . . In fact, the agency did not even tell EPIC where to address a response."

"We know of no provision in the Act that allows for administrative closure simply due to the lapse of time," the letter adds, "and in this case, the delay was only caused by the TSA. Nor is there a provision under the DHS FOIA Regulations (6 C.F.R. 5) that allows for administrative closure due to age of a request." The coalition further urged OGIS to develop guidance advising agencies how to handle older requests in a manner that complies with the FOIA.

GAO: Report on Missing DHS FOIA Requests (Nov. 2014)
EPIC et al.: Letter to OGIS re: FOIA Requests (Oct. 30, 2014)
EPIC: Open Government
EPIC: FOIA Cases
FOIA.ROCKS

=======================================================================
[6] News in Brief
=======================================================================

EPIC Joins Call for Stronger Encryption Standards

EPIC, joined by several civil society groups and software companies, has urged the National Institute of Standards and Technology to adopt "secure and resilient encryption standards, free from back doors or other known vulnerabilities."
The letter argues that the National Security Agency might influence the standard-setting process to enable surveillance of private communications. Earlier in 2014, EPIC and a similar coalition advised NIST to discontinue support for a random number generator algorithm compromised by the NSA. In 2013, EPIC recommended that NIST inform the public of the full extent of the NSA's involvement in the agency's Cybersecurity Framework. EPIC President Marc Rotenberg first warned Congress in 1989 that the NSA could influence NIST encryption standards.

EPIC et al.: Letter to NIST re: Encryption Standards (Nov. 20, 2014)
EPIC et al.: Letter to NIST re: Encryption Algorithms (Apr. 18, 2014)
EPIC: Letter to NIST re: Cybersecurity Framework (Dec. 13, 2013)
EPIC: Congressional Testimony re: NSA and Encryption (May 1989)
EPIC: Cryptography Policy

Sen. Markey Asks Justice Department About Cell Phone Tracking Program

Senator Edward J. Markey (D-MA) has sent detailed questions to Attorney General Holder regarding recent reports that law enforcement agencies have deployed aircraft equipped with cell tower simulators to capture mobile phone communication. The devices, known as "IMSI catchers" or "Stingray," identify and track cell phone users. "The sweeping nature of this program and likely collection of sensitive records . . . raise important questions about how the Department protects the privacy of Americans" with no connection to unlawful activities, Senator Markey wrote.

Earlier in November, EPIC successfully sued the FBI to obtain documents about the agency's use of Stingray devices. EPIC has also filed "friend of the court" briefs in the US Supreme Court and the Supreme Court of New Jersey, arguing that location tracking is a search under the Fourth Amendment and should only be conducted with a judicial warrant.

Sen. Ed Markey (D-MA): Letter to USAG re: Stingray (Nov. 14, 2014)
The Wall Street Journal: "Americans' Cellphones Targeted in Secret U.S. Spy Program" (Nov.
13, 2014)
secret-u-s-spy-program-1415917533
EPIC: EPIC v. FBI - Stingray / Cell Site Simulator
EPIC: US v. Jones
EPIC: State of New Jersey v Earls
EPIC: Locational Privacy

WhatsApp Implements End-to-End Encryption

Messaging service WhatsApp, in conjunction with security provider Open Whisper Systems, has announced plans to implement end-to-end encryption for Android phones. WhatsApp gained popularity as a pro-privacy alternative to text messaging, but users and privacy advocates questioned the app's privacy policies after Facebook acquired the company in early 2014. EPIC subsequently filed two complaints with the Federal Trade Commission, urging the FTC to block the sale unless adequate privacy safeguards for WhatsApp users were established. The Commission notified Facebook and WhatsApp that they must honor their privacy commitments to WhatsApp users. The Open Whisper Systems protocols will ensure that users' messages are encrypted from sender to receiver and not simply between the user and the service provider.

Open Whisper Systems: WhatsApp End-to-End Encryption (Nov. 18, 2014)
WhatsApp: Blog Post on Facebook Acquisition (Mar. 17, 2014)
EPIC: In re WhatsApp (Mar. 6, 2014)
EPIC: Letter from FTC to Facebook and WhatsApp (Apr. 10, 2014)

White House to End Controversial 'Secure Communities' Program

President Obama's executive action on immigration will end the "Secure Communities" program. Secure Communities is a controversial deportation program run by the Department of Homeland Security that relies on extensive data collection and biometric identification. Many states, including Illinois, New York, and Massachusetts, withdrew from the Secure Communities program, warning that it undermined public safety and encouraged racial profiling. Secure Communities will be replaced by the Priority Enforcement Program, which will focus on deporting convicted criminals.
In 2011, EPIC, joined by a coalition of 70 organizations, urged the Inspector General of the Department of Justice to review the Secure Communities program.

The White House: Fact Sheet on Immigration Action (Nov. 20, 2014)
EPIC: Letter from State of IL re: Secure Communities (May 4, 2011)
State of NY: Letter to DHS re: Secure Communities (Jun. 1, 2011)
EPIC: Letter from State of MA re: Secure Communities (Jun. 3, 2011)
EPIC: Secure Communities and Privacy

=======================================================================
[7] EPIC in the News
=======================================================================

"DHS Set to Destroy Governmentwide Network Surveillance Records." NextGov, Nov. 24, 2014.
governmentwide-network-surveillance-records/99737/

"Connected Car Show: Issues Arise as Automakers Look to Autonomous Vehicles." GPS World, Nov. 21, 2014.
automakers-look-to-autonomous-vehicles/

"ClassDojo learns a lesson in protecting student data." NPR's "Marketplace," Nov. 19, 2014.
classdojo-learns-lesson-protecting-student-data

"Uber's PR stumble drives new privacy woes." Politico, Nov. 19, 2014.

"ClassDojo Adopts Deletion Policy for Student Data." The New York Times, Nov. 18, 2014.
deletion-policy-for-student-data/?_r=0

"Data is Uber's business. But protecting it may be its biggest weakness." The Washington Post, Nov. 18, 2014.
data-is-ubers-business-but-protecting-it-may-be-its-largest-weakness/

"Uber's plot to spy on reporter is latest controversy." USA Today, Nov. 18, 2014.
lacy-underscores-bro-culture-in-silicon-valley/19234569/

"Cybersecurity Battle Between FTC And Wyndham Goes To Mediation." MediaPost, Nov. 18, 2014.
cybersecurity-battle-between-ftc-and-wyndham-goes.html

For More EPIC in the News:

=======================================================================
[8] EPIC Bookstore
=======================================================================

"Litigation Under the Federal Open Government Laws 2010," edited by Harry A.
Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75.

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
================================

EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at:

EPIC Bookstore:

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

=======================================================================
[9] Upcoming Conferences and Events
=======================================================================

"Symposium on Student Privacy in Higher Education: Building Privacy Into Data-Driven Education." Speaker: Director, EPIC Student Privacy Project Khaliah Barnes. Washington, DC, December 2, 2014. For More Information: -i.html.

Performance of "Interrogation (or How I Learned to Stop Worrying and Love the NSA)"; By John Feffer, Directed by Matty Griffiths. Discussion afterward with EPIC Executive Director Marc Rotenberg. Busboys and Poets, Washington, DC. December 11, 2014. For More Information: of-interrogation.

"Computers, Privacy, and Data Protection"; Brussels: January 21-23, 2015. For More Information:

"EPIC 2015 International Champion of Freedom Award"; Brussels: January 22, 2015. For More Information:

=======================================================================
Join EPIC on Facebook and Twitter
=======================================================================

Join the Electronic Privacy Information Center on Facebook and Twitter:

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list.
We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Support EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 21.22 ------------------------