In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2010. The gallery highlights key documents obtained by EPIC in the past year, including records detailing the privacy risks posed by airport body scanners, fraudulent "parental control" software, and federal agencies' contracts with social networking web sites. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.
EPIC has been asked to testify before the Subcommittee on Transportation Security and Infrastructure Protection on Wednesday, March 17, 2010. The hearing will examine "An Assessment of Checkpoint Security: Are Our Airports Keeping Passengers Safe?" EPIC is expected to discuss the documents it has recently obtained in an open government lawsuit against the DHS. For more information, see EPIC: Whole Body Imaging.
Netflix canceled its second $1 million Netflix Prize after privacy concerns from the FTC and a federal lawsuit alleging invasion of privacy and violations of the Video Privacy Protection Act. The Netflix contest challenged contestants to find a superior movie-recommendation algorithm from “anonymized” datasets that included movie ratings, date of ratings, unique ID numbers for Netflix subscribers, and movie information. In 2006, during the first Netflix Prize contest, researchers conducted a study that revealed if a person has information about when and how a user rated six movies, that person can identify 99% of people in the Netflix database. After productive discussions with the FTC over reidentification concerns which stemmed from this study, Netflix and the federal agency reached an understanding on how Netflix would use user data in the future. Netflix also settled the VPPA lawsuit. For more information, see EPIC: Reidentification.
The National Security Archive at George Washington University has released the results of its annual government-wide FOIA audit. The audit tested agency responsiveness to President Obama's new directives on government transparency and openness. The Archive report concluded that less than half of federal agencies have responded to the new open government directives with concrete changes, and only four agencies "show both increases in releases and decreases in denials under the FOIA." Attorney General Eric Holder spoke today about the administration's FOIA record. For more information, see EPIC Open Government.
In formal comments, EPIC urged the California Public Utility Commission to adopt privacy safeguards for Smart Grid systems to protect consumer electricity usage information from unauthorized collection, use, and disclosure. Smart Grid networks uniquely identify individual electrical appliances, and create new privacy risks. EPIC recommended that policies be established to protect consumer data, including limitations on data collection, new security standards, and independent oversight. For more information, see EPIC: Smart Grid.
Massachusetts’s new data protection law went into effect at the beginning of March. The law applies to all companies that own or license the personal information of Massachusetts residents. According to the new regulations, companies are now required to create a comprehensive security program that details how personal information will be safeguarded. Governor Deval Patrick stated, “Consumers should feel confident that their personal information is protected, and not exposed to loss or theft. These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.” For more information on privacy and identity theft, see EPIC: Identity Theft.
On March 2, 2010, the German Federal Constitutional Court ruled that a law allowing law enforcement authorities to store telephone and Internet data is inconsistent with the right to privacy under the German Constitution. The law allows data on calls and e-mail exchanges to be retained for six months, and made available for use by criminal authorities. The court found that the law went beyond the original intent of the directive the European Union enacted in March 2006. EPIC has documented the impact of data retention requirements. For more information, see EPIC’s webpage on data retention.
In response to an EPIC Freedom of Information Act lawsuit, the Department of Homeland Security and the Transportation Security Administration (TSA) released more documents about body scanners in US airports. The documents include many complaints from travelers who went through the devices. Travelers reported that they were not told about the pat down alternative or that they were going to be subject to a body scan by TSA officials. Travelers also expressed concern about radiation risks to pregnant women and the image capture of young children without clothes. EPIC has previously obtained whole body imaging vendor contracts, operational requirements, and procurement specifications from TSA. EPIC and Ralph Nader have urged President Obama to suspend the program until an independent review is completed. For more information see EPIC: Whole Body Imaging Technology.
The FTC has sent a letter to EPIC regarding the February 2010 EPIC complaint about Google’s recently launched social networking tool, Google Buzz. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises interesting issues that relate to consumer expectations about the collection and use of their data.” Further, the FTC Director highlights the importance of having consumers “understand how their data will be used” and allowing consumers the “opportunity to exercise meaningful control over such uses.” EPIC has since filed an amended complaint with the FTC that describes how Google Buzz violated Google’s own privacy policy for Gmail. For more information, see EPIC: In re Google Buzz.
The Judiciary Subcommittee on Human Rights and the Law held a hearing on "Global Internet Freedom and the Rule of Law," which focused on information technology industry business practices in countries that restrict the internet . The Senate hearing came one month after Secretary Clinton delivered a speech on internet freedom. Following the speech, EPIC and 29 experts of technology and privacy wrote a letter to Secretary Clinton, urging the United States to begin the process of ratifying the Council of Europe Convention on Privacy, which seeks to protect fundamental human rights as technology advances. EPIC made the same recommendation in statements for the record for a House hearing on Google and U.S. Cyberspace Policy, and for the Senate hearing on Internet Freedom. For more information, see Letter from State Department regarding Clinton Letter and EPIC’s NSPD-54 complaint.
The Senate confirmed Julie Brill, former Vermont Assistant Attorney General, to fill a vacancy for FTC Commissioner. Brill served for over 20 years as Vermont’s Assistant Attorney General for Consumer Protection and Antitrust, and currently serves as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. Brill has had experience with several important consumer protection issues, including tobacco, food and drug, antitrust, and privacy and identity theft. Senator Leahy (D-VT) expressed support for Brill’s confirmation, proclaiming, “We again have an FTC that is on the side of the consumers. Julie Brill will help revitalize an FTC that has languished while consumers’ interests have given way to special interests.”
EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of those who sign petitions. In Doe v. Reed, the Court has been asked to determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC's brief argues that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. For more information, see EPIC Doe v. Reed.
EPIC FOIA Note #16: 
