Category: Privacy

Jeramie Scott — senior counsel and director of the Electronic Privacy Information Center’s Project on Surveillance Oversight — called facial recognition “an invasive and dangerous surveillance technology,” adding that TSA’s use of it “basically endorses the use of facial recognition for identity verification.”  

“That will ultimately accelerate the use of our faces as our ID, and that has some very important implications for privacy, civil liberties, civil rights and our democracy,” he said, adding that the lack of federal regulations around facial recognition’s use means that — despite TSA’s current privacy requirements — “what may be the safeguards today does not mean they will be the safeguards tomorrow.” 

He also pushed back on TSA’s claim that it conducts “independent analysis” of collected data, since the agency falls under DHS’s authority. 

“You can’t say just because we handed it to a different part of the agency that that’s an independent test in any meaningful way,” Scott said. 

Read more here.

A news update and constitutional law analysis, related through a video commentary from Mark W. Smith of The Four Boxes Diner:  BORDER WARS: The Constitutional Issues you need to know about in Texas v. Biden Admin. Two days ago, it was 11 states, but now, 25 states have signaled support for Texas Governor Abbott’s position. And at least 10 of those States have now pledged to send National Guard or State Guard/Militia troops to Texas, to assist. Tucker Carlson interviewed Abbott, on Friday.

—

On January 27th, 1967, a launch pad fire during Apollo program tests at Cape Canaveral, Florida, killed astronauts Virgil “Gus” Grissom, Edward H. White II, and Roger B. Chaffee. An investigation indicated that a faulty electrical wire inside the Apollo 1 command module was the probable cause of the fire. The astronauts, the first Americans to die in a spacecraft, had been participating in a simulation of the Apollo 1 launch scheduled for the next month.

January 27th, 1945 is the anniversary of the liberation of Auschwitz by the Soviet Army.  January 27th is commemorated as International Holocaust Remembrance Day.

Today is the birthday of singer-songwriter Kate Wolf. (Born 1942, died December 10, 1986.) Her untimely death at age 44 cut short an amazing career and robbed America of a great songwriting talent.

—

SurvivalBlog Writing Contest

Today we present another entry for Round 110 of the SurvivalBlog non-fiction writing contest. The prizes for this round include:

First Prize:

1. The photovoltaic power specialists at Quantum Harvest LLC  are providing a store-wide 10% off coupon. Depending on the model chosen, this could be worth more than $2000.
2. A Gunsite Academy Three Day Course Certificate. This can be used for any of their one, two, or three-day course (a $1,095 value),
3. Two cases of Mountain House freeze-dried assorted entrees in #10 cans, courtesy of Ready Made Resources (a $350 value),
4. American Gunsmithing Institute (AGI) is providing a $300 certificate good towards any of their DVD training courses.
5. Two sets of The Civil Defense Manual, (in two volumes) — a $193 value — kindly donated by the author, Jack Lawson.

Second Prize:

1. A SIRT STIC AR-15/M4 Laser Training Package, courtesy of Next Level Training, that has a combined retail value of $679
2. Two 1,000-foot spools of full mil-spec U.S.-made 750 paracord (in-stock colors only) from www.TOUGHGRID.com (a $240 value).
3. Two Super Survival Pack seed collections, a $150 value, courtesy of Seed for Security, LLC.
4. Montana Survival Seed is providing a $225 gift code for any items on its website, including organic non-GMO seeds, fossils, 1812-1964 US silver, jewelry, botany books, and Montana beeswax.
5. A transferable $150 FRN purchase credit from Elk Creek Company, toward the purchase of any pre-1899 antique gun. There is no paperwork required for delivery of pre-1899 guns into most states, making them the last bastion of firearms…

EPIC submitted comments in response to DOJ and DHS’ Request for Written Submissions on Sec. 13e of Executive Order 14074 urging DOJ and DHS to center vulnerable communities in its crafting of new guidance on the use of facial recognition, predictive policing technologies, social media surveillance tools, and DNA analysis tools. EPIC argued that DOJ, DHS, and other law enforcement agencies should cease to use some of the most privacy-invasive and dangerous surveillance technologies—like facial recognition—because of their systemic issues, severe effects on vulnerable populations such as racial minorities, and threat to our democracy. However, EPIC also provided recommendations to create a robust framework of safeguards to protect privacy, civil rights, and civil liberties. EPIC continues to advocate for a set of principles that would adequately assess the risks of these technologies and shape the policy on how law enforcement officials use them. In brief, these include:

• prohibiting mass surveillance;
• protecting privacy, civil rights, and civil liberties;
• protecting constitutional rights;
• proving that the technology and its implementation do not result in a disparate impact for protected classes; 
• requiring adequate evaluation of the purpose, objectives, benefits, and risks of the technology;
• adopting stricter data minimization procedures; 
• ensuring adequate security for retained data;
• regular independent auditing;
• strengthening accountability and oversight; and
• advancing public trust, prioritizing transparency, and requiring substantiation for claims relating to the technology, especially related to its effectiveness. 

EPIC runs a robust surveillance oversight program with several areas of focus. EPIC opposes the spread of facial recognition in both the public and private sector. For many years, EPIC has worked to end TSA’s use of facial recognition at airports. Over the last year, EPIC has helped lead a yearlong coalition campaign to fundamentally reform FISA § 702 as it nears its sunset date. EPIC also regularly calls for increased transparency and oversight of automated decision-making and predictive policing. EPIC has filed complaints with the Attorney General, submitted several Freedom of Information Act (FOIA) requests, and engaged in extensive research to map DHS’ web of databases to shine light on law enforcement use of overbroad surveillance technology. 

Alan Butler, executive director of consumer privacy group Electronic Privacy Information Center, said that a website on the safety of technologies could provide as an additional layer of protection. This would allow the FCC to limit the amount of information on the label and avoid confusing consumers. Consumers expect to understand if their devices could pose potential threats, he said. 

Read more here.

On Tuesday, EPIC submitted comments to the Federal Communications Commission applauding new rules that will strengthen consumer protections against SIM swap and port-out fraud and urging the FCC to further incentivize carriers to reduce security vulnerabilities. SIM swap and port-out fraud occur when a fraudster takes control of a victim’s phone number by convincing a carrier to transfer the victim’s phone service to the fraudster’s phone.

EPIC alerted the Commission to increased instances of SIM swap and port-out fraud targeting major cryptocurrency investors and unsuspecting telecommunications customers alike. EPIC called on the Commission to harmonize CPNI and CPI rules with SIM swap authentication requirements, to establish additional authentication requirements, and to require carriers to report incidents of fraud. Additionally, EPIC requested the Commission articulate its enforcement power under the Communications Act of 1934 and hold carriers liable for SIM swap attacks conducted using their networks and devices, as presently carriers seek to evade liability for SIM swap fraud.

EPIC routinely comments on regulations concerning telecommunications customers privacy and protection from fraud.

On January 17, EPIC submitted reply comments to the Federal Communications Commission in the FCC’s proceeding on reclassifying internet service providers and other broadband providers as common carriers. In its comments, EPIC urged the FCC to outline a broad interpretation of its privacy and data security authorities under Title II of the Communications Act (which governs common carriers such as phone carriers), to explain that the FCC’s consumer protection authorities complement those of the FTC, to make findings that prioritize protecting consumers over protecting data broker and advertiser profits, to initiate an immediate rulemaking to safeguard consumer privacy and data security on the internet, and to continue to facilitate cooperation among state and federal agencies in combating fraud.

EPIC has long advocated for consumer privacy protections in broadband services and regularly files comments with the FCC.

Google hasn’t followed through on promises to delete sensitive user-location information, including visits to abortion clinics, according to a complaint filed with the Federal Trade Commission Thursday and provided to Bloomberg Law. 

The Electronic Privacy Information Center, a nonprofit privacy research and advocacy group, is asking the FTC to investigate the Alphabet Inc. unit for “unfair and deceptive trade practices” around how it handles the data. The complaint follows ongoing reporting that Google has continued to collect location data for users visiting abortion clinics and other sensitive locations, despite promises by the tech giant in July 2022 that it would delete those records. 

The collection of location data can cause “substantial injury” to consumers because it can reveal sensitive personal practices, including visits to abortion clinic visits or houses of worship, according to the complaint. Such data can “lead to criminal prosecution and unduly discourage individuals from seeking vital health care services,” EPIC wrote. 

Read more here.

In a complaint filed today, the Electronic Privacy Information Center (EPIC) and Accountable Tech called on the Federal Trade Commission to investigate tech giant Google for failing to promptly delete location records of users’ visits to abortion clinics and other sensitive facilities despite publicly promising it would do so.

Google retains and processes vast troves of personal information collected through its many applications, programs, and partners. This includes massive amounts of location data, which can reveal sensitive details about a person—including health information like whether and when a person visited a doctor’s office, an addiction treatment center, or an abortion clinic. When this information is retained by companies like Google, it can be accessed by law enforcement and can be used to profile individuals in harmful ways.

In July 2022, following the U.S. Supreme Court’s rescindment of the constitutional right to abortion in Dobbs v. Jackson Women’s Health Organization, Google announced a major policy change to its handling of location data. Google stated that if “its systems identified that a user had visited” an abortion clinic, it would “delete these entries from Location History soon after they visit.” Google’s commitment also extended to location records identifying a user’s visits to addiction treatment centers, domestic violence shelters, and other similarly sensitive facilities.

But Google broke that promise. Months later, research by Accountable Tech and others showed that Google had failed to delete the location information it had promised to. For example, Google’s systems retained search queries and directions to Planned Parenthood clinics and granular map data placing users at Planned Parenthood locations they had visited for more than a month. And the problem continues to this day: a follow-up experiment from Accountable Tech found that while Google had scrubbed “Planned Parenthood” from a user’s Location History map, it retained the route to the clinic itself in four out of eight of its tests. Although Google recently promised—again—to extend enhanced protections to users’ location data, it has yet to follow through on the deletion promise it made more than a year ago, leaving users vulnerable to privacy harms.

“Google’s personal location data practices have caused or are likely to cause substantial injury to its users because they expose users to excessive retention of their ‘particularly personal’ information that can reveal highly sensitive information about them, including whether an individual visited a medical treatment facility, domestic violence shelter, abortion clinic, fertility center, addiction treatment facility, or a surgery clinic.,” EPIC and Accountable Tech’s complaint explains. “The ability of law enforcement to access such data can lead to criminal prosecution and unduly discourage individuals from seeking vital health care services—a risk of substantial injury that has dramatically increased following the Dobbs ruling.”

The complaint calls on the FTC to investigate Google for unfair and deceptive practices in violation of Section 5 of the FTC Act and for violating the 2011 FTC Consent Order arising from Google’s previous mishandling of personal data in the rollout of the…

The Electronic Privacy Information Center says it believes the FCC “should adopt a dual-layer labeling solution” for the program that “would include an easily glanceable primary label and a secondary label that displays additional cybersecurity and privacy information, empowering consumers to make an informed purchase,” Executive Director Alan Butler says. EPIC supports the FCC’s proposal to “require data minimization” as part of its criteria for the Cyber Trust Mark, limiting a qualifying device to “collect only the data necessary to provide its essential functions and services.” The group opposes device manufacturers’ bid for a “safe harbor that would provide a shield against liability for insecure devices,” he says.

Read more here.

Municipalities around the nation have used ARPA federal dollars to fund community surveillance cameras, according to the Electronic Privacy Information Center, a nonprofit research and advocacy center. But EPIC warns that once such systems are in place police can access and collect mass surveillance data leading to privacy issues. 

Read more here.