New documents released by the Department of Homeland Security to EPIC indicate the the agency continues to hide details about body scanners. In November 2010, EPIC filed a Freedom of Information Act request with the agency regarding the deployment of body scanners in surface transit and street-roving vans. In its latest document release the agency supplied several papers that were completely redacted. As a result of the agency's failure to comply with the Freedom of Information Act, EPIC has filed suit to force disclosure of the records. For more information, see: EPIC: Body Scanner Technology and EPIC: FOIA Note #20.
W3 Innovations, a company that develops mobile phone games, settled charges with the Federal Trade Commission for violations of the Children's Online Privacy Protection Act (COPPA). In the first settlement concerning a mobile application, the Commission imposed a fine of $50,000 against the company for "illegally collecting and disclosing personal information from tens of thousands of children under age 13 without their parents prior consent." EPIC previously testified before the Senate Commerce Committee and submitted comments to the FTC on the need to update COPPA and to clarify the law's application to mobile and social networking services. EPIC also has pending complaints at the FTC regarding Facebook's facial recognition program and changes Facebook made to user privacy settings. For more information, see EPIC: FTC and EPIC: COPPA.
The Department of Homeland Security wrote to State Governors, stating that the agency intends to terminate agreements with state and local governments concerning the Secure Communities program. The agency states that it intends to unilaterally pursue the program despite the termination, though it fails to cite any legal authority in support of the tactic. The statement follows lawmakers' recent criticism of Secure Communities. The program collects and discloses biometric information obtained from individuals who come into contact with police. In June, California legislators urged Governor Jerry Brown to suspend the state's participation in Secure Communities, citing a “crisis of confidence” in the program. The lawmakers identified numerous risks raised by the program and noted that "victims of domestic violence have been [wrongfully] placed into deportation proceedings as the result of Secure Communities when they simply called the police for help." Previously, Illinois, New York and Massachusetts ended their participation in the program. For more, see EPIC: Secure Communities.
The California Public Utility Commission has established new rules to protect information about consumer use of "smart meter" electrical services. The California decision, the first in the country, establishes fair information practice requirements, including a consumer right of access and control, data minimization obligations, use and disclosure limitations, and data quality and integrity requirements. Electric utilities and their contractors, as well as third party who receive electricity usage data from utilities are subject to the new rules. EPIC submitted extensive comments to the Public Utility Commission regarding privacy safeguards for consumer energy usage data. For more, see EPIC Smart Grid Privacy.
EPIC and a coalition of privacy, consumer rights, and civil rights organizations filed a statement to the Department of Homeland Security. The group opposed proposed changes to the Watchlist Service, a secretive government database filled with sensitive information. The agency has solicited comments on the program, which entails developing a real-time duplicate copy of the database and expanding the groups and personnel with immediate access to the records. The groups focused on the security and privacy risks posed by the new system, as well as The Privacy Act. Passed by Congress in 1974, the Act requires DHS to notify subjects of government surveillance in addition to providing a meaningful opportunity to correct information that could negatively affect them. EPIC has testified before Congress and published a "Spotlight on Surveillance" report about the Watchlist program. For more information, see EPIC: Secure Flight and EPIC: Passenger Profiling.
The Transportation Security Administration has begun training screeners at Logan International Airport in Boston to engage in behavioral profiling of air travelers. The program authorizes Transportation Security Officers to ask airline passengers personal questions concerning their travel plans and employment. Some travelers will be subjected to additional, invasive searches based on their responses. For more, see EPIC: Air Travel Privacy.
The Senate unanimously approved bipartisan legislation, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), to improve Freedom of Information Act (FOIA) processing. The Faster FOIA Act will create an advisory panel to examine agency backlogs and provide recommendations to Congress. The bill awaits action by the House of Representatives. EPIC previously testified before the House Oversight Committee about FOIA delays and politicized processing within the Department of Homeland Security. For more information see: EPIC: Open Government and EPIC: Litigation Under the Federal Open Government Laws.
An independent report recommends that federal agencies "improve their development and implementation of policies and procedures for managing and protecting information associated with social media use." The Government Accountability Office, an independent, nonpartisan agency, surveyed twenty-three agencies concerning privacy and security policies. Only half of the agencies have updated their privacy policies to take account of personal information collected through social media monitoring. Only a quarter conducted privacy impact assessments of agency social media activities. The GAO also noted that only seven of the surveyed agencies have identified and documented social-media security risks. In March, EPIC filed comments regarding DHS's Social Media Monitoring and Situational Awareness Initiative, identifying substantial privacy and security risks. For more information, see EPIC: Social Networking Privacy.
The House of Representatives Judiciary Committee voted to approve a bill that will require Internet Service Providers (ISPs) to retain data on every customer to allow the government to identify and track their online activity for one year. EPIC Director Marc Rotenberg testified against the bill at the subcommittee hearing, and his arguments were cited by committee members including Representative Jerrold Nadler (D-NY). After two days of deliberation, the bill was passed with an amendment to require ISPs to retain even more information: not only internet protocol addresses, but also customer names, addresses, phone records, type and length of service, and credit card numbers. This retention is a radical contradiction of the core American value that we are innocent until proven guilty, said Representative Jason Chaffetz (R-UT). The bill purports to use the data to prosecute child pornography, but Representative James Sensenbrenner (R-WI) was "not convinced it will contribute in any meaningful way to prosecuting child pornography," and Representative Zoe Lofgren (D-CA) stated that it is an "unprecedented power grab by the federal government - it goes way beyond fighting child pornography." Representative Bobby Scott (D-VA) pointed out the data would be available for many other uses, including copyright prosecution and divorce cases. This data will be made available to law enforcement officers without a warrant or judicial oversight, and is a convenient way for law enforcement to get powers they couldn't get in the Patriot Act, said Representative Darrell Issa (R-CA). For more information, see EPIC- Data Retention.
