Month: June 2021

Apple v. FBI cybersecurity encryption international privacy

EPIC Signs on to Protect Encryption in the Brazilian Code of Criminal Procedure Updates

EPIC has joined other members of the Global Encryption Coalition in a letter urging Brazil to address proposed updates to the Brazilian Code of Criminal Procedure that would threaten encryption and data security in Brazil. The text as it stands could force companies using strong security protections – such as end-to-end encryption – to introduce security flaws into their systems to be used as backdoors for law enforcement. Such measures endanger users and encourage exploitation of these weaknesses. EPIC led the effort in the United States in the 1990s to support strong encryption tools and played a key role in the development of the international framework for cryptography policy that favored the deployment of strong security measures to safeguard personal information. EPIC also filed an amicus brief in Apple v. FBI in support of encryption.

Continue reading

consumer protection

Court Dismisses Facebook Antitrust Suits, But Says FTC Case Could Be Revived

A federal court in Washington, D.C. has dismissed a pair of antitrust lawsuits brought against Facebook by the Federal Trade Commission and 48 state attorneys general—but left open the possibility that the FTC could revive its case. The lawsuits allege that Facebook has illegally stifled competition to maintain its social networking monopoly, driving down “the quality and variety of privacy options” available to users (among other harms). But Judge James E. Boasberg ruled that the FTC and attorneys general had waited too long to challenge aspects of Facebook’s Instagram and WhatsApp acquisitions, and that the FTC had failed to adequately define the social networking “market” in which Facebook exercises monopoly power. Judge Boasberg noted that the FTC may be able to correct the latter issue in an amended complaint and move forward with its case. EPIC has long urged the Federal Trade Commission to block or unwind Facebook’s acquisitions of Instagram and WhatsApp. In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. Despite these problems, the FTC allowed the merger to go forward.

Continue reading

If you’re new here, you may want to subscribe to my RSS feed. Thanks for visiting!

(Psst: The FTC wants me to remind you that this website contains affiliate links. That means if you make a purchase from a link you click on, I might receive a small commission. This does not increase the price you’ll pay for that item nor does it decrease the awesomeness of the item. ~ Daisy)

How much personal information are you innocently giving out about yourself to complete strangers?

Editors Note:  This is a topic I’ve written about before here and here. And it’s more important than ever with the toxic cancel culture that exists in America today, in which many people can justify nearly any action – looting, rioting, assault, and worse – no matter how heinous, against someone who simply holds different opinions.

Some of you may want to be out there, loud and proud, about your lives and beliefs – and that’s absolutely your choice. (Prepare for this debate in 3…2…1…) Many of us, however, want to avoid altercations. We want to keep our families safe, we want to prevent potential predators from finding out our home addresses or where our kids go to school. We want to stay under the radar and be difficult to locate by those who might intend to do us harm. (After all, gray is the new black.)

That’s why this brief article that follows is especially important. You need to understand exactly how much personal information you’re giving away about yourself with your vehicle, your social media apps, and other small clues that someone with a few skills and an hour on his hands can use to build a profile about you.

by D.P. Friesen

Author of BATTLES OF ATTRITION: Surviving and Living With Masked Dangers

 The following article was previously published by D.P. Friesen on his website blog.  

Sleuthing the Life of a Random Person is Amazingly Simplistic

So, here’s a social experiment I tried this morning. I decided to see just how much personal information I could find out on a random person. As the car in front of me had some interesting bumper stickers, I picked it. I did not see the driver whatsoever and only recouped the license plate. That was all the info I had to go on other than what was visual about the car and inside within eyesight.

Here’s what I found.

Through the National Registry, I found out the owner of the car, the make, model, year purchased, how paid. I found out his personal identification number, his mother’s maiden name, his married status (divorced), ex-wife’s name, and nationality. I already know that, since his license plate number ends in 3, that he’s not allowed driving within city limits on Tuesdays due to the weekly vehicle-usage restrictions so I’ll know when his car’s at home unattended and…

Continue reading

Article III Article III Standing privacy Spokeo Spokeo v. Robins

Supreme Court Limits Standing to Sue in Credit Reporting Case

The U.S. Supreme Court issued a decision today in TransUnion LLC v. Ramirez, an important case about the ability of individuals to bring privacy cases in federal court. The Court, in a controversial 5-4 decision authored by Justice Kavanaugh, held that proof of “concrete harm” is required to establish standing to sue under Article III of the U.S. Constitution. The jury in this case found that TransUnion had willfully violated the Fair Credit Reporting Act (FCRA) when it falsely flagged the credit reports of thousands of individuals for being “Specially Designated Nationals” under the Office of Foreign Asset Controls list that includes terrorists, drug trafficers, and other sanctioned individuals. The Supreme Court held that the group of individuals who could prove that these false credit reports had been disclosed to third parties had standing to sue, but the group who did not provide evidence that their reports had been disclosed did not meet the burden under Article III.

This decision will have significant implications for individuals seeking redress in federal court for privacy violations that do not involve the improper disclosure of personal information. EPIC filed an amicus brief in TransUnion, urging the Court to hold that people can sue when their privacy rights are violated, regardless of whether they allege that the violation led to other harms. Justice Thomas, joined by three other members of the Court, agreed and would have ruled that standing exists in any case brought by an individual to vindicate a violation of their private rights. EPIC’s Executive Director, Alan Butler, said that “the Supreme Court’s decision in TransUnion does not close the door on all privacy claims, but it certainly makes it more difficult for individuals to seek redress in privacy cases that don’t involve improper disclosure of information.” EPIC previously filed an amicus briefs on this issue with the Supreme Court in Spokeo v. Robbins and frequently files amicus briefs in cases interpreting standing under a variety of privacy laws.

Continue reading

antitrust FTC Google policy WhatsApp

House Judiciary Considering Antitrust Reform Bills

The House Judiciary Committee is today holding a markup session on six bills aimed at disrupting the monopoly power of Big Tech. EPIC has long argued that market consolidation in online platform threatens privacy. More than a decade ago, EPIC urged the FTC to block Google’s proposed acquisition of DoubleClick. EPIC said that the acquisition would enable Google to collect the personal information of billions of users and track their browsing activities across the web. EPIC correctly warned that this acquisition would accelerate Google’s dominance of the online advertising industry and diminish competition. The FTC ultimately allowed the merger to go forward. EPIC has since repeatedly warned FTC that other mergers posed similar risks to consumer privacy and competition, including Facebook’s acquisition of WhatsApp.

Continue reading

FTC

EPIC Releases Report on FTC’s Unused Statutory Authorities

EPIC has released a report highlighting numerous statutory authorities that the Federal Trade Commission has failed to use to safeguard privacy. The report, What the FTC Could Be Doing (But Isn’t) to Protect Privacy, identifies untapped or underused powers in the FTC’s toolbox and explains how the FTC should deploy them to protect the public from abusive data practices. EPIC’s report also criticizes the FTC’s lack of effective privacy enforcement over the past two decades. “A common refrain from the Commission during this period is that it lacks the authority to address these mounting threats to individual privacy,” the report explains. “But the FTC has not made full use of the authorities that it already has.” The report comes a day after Lina Khan was confirmed to the FTC and named chairwoman of the Commission. EPIC has frequently challenged the FTC over its failure to address consumer privacy harms and has long advocated for the creation of a U.S. Data Protection Agency. EPIC also supports legislation that would restore the FTC’s 13(b) authority to obtain restitution for individuals harmed by companies’ unlawful trade practices, which the Supreme Court recently curtailed in AMG Capital Management v. Federal Trade Commission.

Continue reading

Data Protection Agency FTC policy

BREAKING: Sen. Gillibrand Introduces U.S. Data Protection Agency Bill

Senator Kirsten Gillibrand (D-NY) has introduced the Data Protection Act of 2021 which would create an independent Data Protection Agency in the United States to safeguard the personal data of Americans. EPIC, many leading consumer and civil rights organizations, privacy experts, and scholars support Senator Gillibrand’s non-partisan bill. “It’s time for America to catch up with the rest of the world and create a Data Protection Agency,” said Caitriona Fitzgerald, EPIC Deputy Director. “Congress’ ongoing failure to modernize our privacy laws imposes enormous costs on individuals, communities, and American businesses alike. We need a new approach. Senator Gillibrand’s Data Protection Act creates an agency dedicated to safeguarding the personal data of individuals and ensuring that data practices are fair and non-discriminatory. The Data Protection Act is the game-changing proposal we need in order to ensure adequate oversight over what has become a massive sector of our economy and affects the daily lives of all Americans. EPIC urges Congress to enact the Data Protection Act.” EPIC has long advocated for the creation of a U.S. Data Protection Agency, arguing that the Federal Trade Commission is an ineffective agency, lacking basic competence for privacy protection. [Bill text] [Sen. Gillibrand Press Release]

Continue reading

international Privacy Shield Schrems

Data Flow Deal Talks Fail Due to Lack of US Action on Privacy

The agreement on transatlantic cooperation reached by U.S. and EU leaders this week did not include the political agreement the White House was hoping for on transatlantic data deals. Last week, EPIC and 23 other leading civil society groups sent a letter to President Biden today urging his Administration to ensure that any new transatlantic data transfer deal is coupled with the enactment of U.S. laws that reform government surveillance practices and provide comprehensive privacy protections. “The United States’ failure to ensure meaningful privacy protections for personal data is the reason that a growing number of countries are concerned about trans-border data flows,” the groups wrote. “Until the United States addresses this problem, concerns about data transfers to the United States will remain, and data flow agreements are likely to be invalidated.” In 2015, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor agreement. And in July 2020, the successor agreement, Privacy Shield, was also invalidated by the same court.

Continue reading