Electronic Privacy Information Center

Focusing public attention on emerging privacy and civil liberties issues

Revised Google Books Settlement Fails to Fix Key Problems

Even after revisions, the Google Books Settlement still fails to address antitrust, privacy, and copyright concerns, according the the US Justice Department, privacy advocates, and academic authors.On February 4, the Justice Department filed a brief and issued a statement opposing the revised settlement. The Department said the revisions still ran afoul of authors' copyrights and did not fix antitrust problems. EPIC also continues to object to the settlement because it does not contain adequate privacy protections for readers. On February 4, EPIC informed the court of its intent to appear at the February 18 Fairness Hearing on behalf of users' privacy interests. For more information, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy.

FCC Commits to Protecting Consumers in FY 2011 Performance Plan

The Federal Communications Commission (FCC) released its FY 2011 budget request and performance plan. The FCC requests funding for furthering cybersecurity, implementing the National Broadband Plan, revamping the FCC's data systems and processes, and modernizing the agency's communications tools and expertise. The FCC prioritizes implementation of the National Broadband Plan and protection of consumers in the agency's performance goals. Objectives with respect to consumers include addressing 100% of complaints filed with the Commission alleging violations of the Communications Act and taking appropriate action within 15 months, rigorously enforcing the Telephone Consumer Protection Act, and ensuring "through litigation where necessary, that consumers are protected from anticompetitive practices."

EPIC Seeks Records on Google-NSA Relationship

Today EPIC filed a Freedom of Information Act request with the National Security Agency, seeking records regarding the relationship between Google and the NSA. The press reported that Google and the NSA have entered into a partnership following a recent hacker attack on Google originating from China. The EPIC FOIA request also seeks NSA communications with Google regarding Google's failure to encrypt Gmail and cloud computing services. In March 2009, EPIC filed a complaint with the Federal Trade Commission urging it to investigate the adequacy of Google's cloud computing privacy and security safeguards. Today EPIC also filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. For more information, see EPIC FOIA Litigation and EPIC Cloud Computing.

EPIC Sues NSA to Force Disclosure of Cyber Security Authority

EPIC has filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. The document, National Security Presidential Directive 54 grants the NSA broad authority over the security of American computer networks. The agencies violated the Freedom of Information Act by failing to make public the Directive and related records in response to EPIC's request. EPIC's suit asks a federal judge to require the release of the documents. Congress is currently debating cyber security policy. For more information, see EPIC FOIA Litigation, EPIC Critical Infrastructure Protection.

Federal Trade Commission Sets out Priorities But Lacks Strategy for Privacy Protection

The Federal Trade Commission released the Congressional budget justification summary for FY 2011 and performance plan for FY 2010-11. The FTC documents list three strategic goals: protect consumers, maintain competition, and advance performance. Objectives include improving consumer education, identifying and stopping “fraud, deception and unfair practices,” and “protecting American consumers in the global marketplace.” Although the FTC Implementation Plan includes the development of approaches to implement OECD Guidelines on consumer protection in the context of electronic commerce, there is no mention of implementing OECD Guidelines on privacy protection.

Federal Budget Announced for Fiscal Year 2011, Surveillance Projects Scrutinized

The Office of Management and Budget has released the federal budget for fiscal year 2011. The budget proposes funding for several new surveillance initiatives, including over $700 million to the Department of Homeland Security for "Passenger Aviation Security". The Department would like to purchase 500 body scanner machines for U.S. airports, bringing the projected total number of machines to 1,000 at a cost of over $200 million by the end of 2011. The new budget also includes several hundred million dollars for the Department of Justice's national security programs, which were recently the subject of a critical Inspector-General's report for improper use of authority. For more information, see EPIC DHS and Privacy, EPIC Domestic Surveillance, EPIC Air Travel Privacy, and EPIC Whole Body Imaging.

Facebook Users Object to Beacon Settlement

Facebook users filed papers in federal court objecting to a proposed deal that would extinguish the company's liability for disclosing personal information in violation of federal law. Users criticized the class action settlement, stating "the class receives no meaningful relief." Other objectors alleged "in effect, Facebook is paying itself the benefit but class members are releasing their individual privacy claims." EPIC previously submitted a letter to the judge hearing the case. EPIC's letter opposes the settlement and proposes alternatives that would enable stronger privacy safeguards for Facebook users in the future. For more information, see EPIC Facebook Privacy, EPIC Harris v. Blockbuster.

Homeland Security Releases Annual FOIA Report

The Department of Homeland Security has released the 2009 Freedom of Information Act Report. The report shows that the Department processed over 160,000 requests in the past year, with 27,182 requests remaining pending. Of the requests processed, 11% were granted in full, 60% were classified as "partial grants/partial denials," and the remaining 29% were denied in full. The overwhelming majority of backlogged requests and appeals are pending at the Customs and Immigration Service. For denied requests with processed appeals, nearly 30% were fully reversed on appeal, and another 32% were reversed in part. EPIC currently has two FOIA cases pending against the Department relating to its use of Body Scanner machines. For more information, see EPIC v. DHS, EPIC FOIA Litigation Docket.

EPIC Urges Increased Privacy for “Global Entry” Registered Traveler Program

On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.

EPIC Honors Michael Kirby

EPIC presented the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980. The OECD Guidelines consist of eight principles that have provided the basis for national laws, international agreements, and privacy frameworks that have been adopted around the world. "The international privacy community owes Justice Kirby a huge debt for his critical role working with leading experts from North America, Europe and Asia to develop the Guidelines,” said Jennifer Stoddart, Privacy Commissioner of Canada. The Award will be presented to Justice Kirby at the OECD in Paris on March 10, 2010. The 2009 EPIC International Privacy Champion Award was given to Italian jurist Professor Stefano Rodota. The 2010 EPIC US Privacy Champion Award was given to Beth Givens, founder and director of the Privacy Rights Clearinghouse in San Diego, California.

EPIC Urges FTC to Protect Users' Privacy On Cloud Computing and Social Networking Services

EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission's “lack of leadership and technical expertise.” EPIC's comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy.

Experts Urge Secretary Clinton to Act on International Privacy Convention

Twenty-nine experts in privacy and technology have sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. More than forty countries have ratified the Convention, which was opened for signature on January 28, 1981. The letter calls attention to Secretary Clinton's recent remarks on Internet Freedom and the Madrid Declaration in which civil society groups have urged countries that have not yet ratified the Council of Europe Convention to do so as soon as possible. The signatories state, "privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all."