Author: Jeff Cassman

Calli Schroeder, senior counsel and global privacy counsel at the Electronic Privacy Information also said the leadership change should “give us a really interesting picture of how much the Irish data protection commission’s actions to date have been based on the commissioner and how much they’ve been based on the structure of the agency and how enforcement works in the EU.” 

Schroeder said that while EPIC and other consumer groups have raised concerns over the pace and strength of Dixon’s office’s work during her tenure, “we really need to recognize the difficulty of the position she stepped into,” especially with the GDPR coming into effect after she was installed as commissioner.

Read more here.

EPIC released the following statements following Wired’s story revealing new details about the Drug Enforcement Agency’s Hemisphere program, now known as Data Analytical Services (DAS):

“The Data Analytical Services, or Hemisphere, program is just the latest example of the U.S. government’s warrantless surveillance of Americans. Congress needs to end this outrageous violation of Americans’ civil liberties.” – Alan Butler, Executive Director, Electronic Privacy Information Center (EPIC)

“The Data Analytical Services (DAS) and its predecessor, Hemisphere, are yet another piece of the warrantless government surveillance ecosystem, which has enabled the government to acquire staggering amounts of Americans’ most sensitive information. Congress must conduct a hearing on DAS immediately and rein in this outrageous practice before reauthorizing any other parts of this surveillance ecosystem such as FISA Section 702.” – Jeramie Scott, Senior Counsel and Director of EPIC’s Project on Surveillance Oversight

Key facts about the DAS program:

• No Judicial Oversight
• Trillions of Phone Records Collected
• Location Data Tracked
• Sweeping Use by Law Enforcement
• No Privacy Impact Assessment
• Purposely Kept Secret

The DAS program is another example of the need for government surveillance reform. DAS allows the government to access more than a trillion phone records without judicial oversight through legally questionable means. The records can contain location information and go back as far as 1987. The government has previously tried to conceal the existence of DAS’s predecessor, Hemisphere, instructing law enforcement not to mention Hemisphere on official documents. The privacy implications of Hemisphere were vast, yet EPIC FOIA lawsuits related to Hemisphere and Drug Enforcement Agency (DEA) Privacy Impact Assessments yielded no privacy assessments for Hemisphere. DEA either hid its analysis of the privacy issues or has never conducted a privacy impact assessment as required by law. Now the government has moved Hemisphere under the control of the White House and renamed it Data Analytical Services to further avoid scrutiny. Congress needs to end the DAS program and must immediately hold an oversight hearing to bring transparency to this secret government surveillance program. 

Furthermore, Congress must act without delay to protect Americans’ privacy and civil liberties by passing the Government Surveillance Reform Act. 

The widely endorsed Government Surveillance Reform Act (GSRA; H.R. 6262) is crucial legislation that addresses the lawless warrantless surveillance of Americans by establishing comprehensive privacy protections for people in the United States. The GSRA would close the loopholes the government exploits to conduct warrantless mass surveillance, including bringing programs like DAS under judicial review. A resource hub for the GSRA is available here; a one-page summary here; a section-by-section here; and EPIC’s Quick Guide on the GSRA is here. Organizational endorsements are available here. Current cosponsors include:

Senate: Sens. Wyden (D-OR), Lee (R-UT), Daines (R-MT), Hirono (D-HI), Lummis (R-WY), Heinrich (D-NM), Markey (D-MA), Warren (D-MA), Tester (D-MT), Baldwin (D-WI).

House: Reps. Davidson (R-OH), Lofgren (D-CA), Biggs (R-AZ), Jacobs (D-CA), Massie (R-KY), Chu (D-CA), Armstrong (R-ND), Jayapal (D-WA), Carey (R-OH), Correa (D-CA), Mace (R-SC), Deluzio (D-PA), Doggett (D-TX), Hoyle (D-OR), Lee (D-CA), Lieu (D-CA),…

Groups including the Electronic Privacy Information Center (EPIC) and Consumer Reports (CR) supported robust rules as part of the FCC’s proposed cybersecurity labeling program for smart devices in reply comments posted Monday in docket 23-239. In a letter posted last week, CTA, CTIA and other industry groups laid down a marker, saying the program should be voluntary and based on existing National Institute of Standards and Technology (NIST) guidance (see 2311090033). 

As the popularity and development of IoT devices grows globally, examples of privacy and security breaches continue to proliferate,” EPIC said. “A number of high-profile instances involving the hacking of video- and audio-enabled devices have rightly raised concerns among consumers regarding the safety of IoT devices.” But the information available to consumers is too often hard to locate and can’t be read until a device is purchased, EPIC said. 

Once consumers have access to the information, “it’s largely too long and technical for the average buyer to use and make an informed decision,” the group said. Equipment makers also “often prematurely halt device support and inadequately communicate the length and scope of security support,” EPIC added. 

Read more here.

r

WASHINGTON, DC – Today the Electronic Privacy Information Center (EPIC) announced the addition of eight members to its Advisory Board. Since its founding, EPIC has drawn on the expertise of leading scholars, experts, and advocates in the privacy, civil liberties, and cybersecurity space to inform its work. And today we are thrilled to see this group grow.

“It has never been more urgent to tackle the complex threats that emerging technologies pose to our collective right to privacy and to our democratic institutions. The work we do at EPIC builds on the expertise of scholars and thinkers in our field, and the addition of these eight inspiring leaders will bolster our advocacy and education efforts. We are thrilled that our newest group of members will bring deep expertise in AI, privacy, and surveillance issues at a time where we have real opportunities to advance policy at the state and federal level,” says EPIC Executive Director Alan Butler.

These new members will help inform EPIC’s research, advocacy, and litigation work at a time when concerns over the harms that AI and other automated tools are causing to kids, families, workers, and our economy are front and center. President Biden’s recent Executive Order on “Safe, Secure, and Trustworthy Artificial Intelligence” is an important next step that builds on the principles established last year in the Blueprint for an AI Bill of Rights. We need strong, clear guardrails around the development and use of AI and that establish comprehensive privacy protections for all Americans. The use of AI driven systems across the fields of law enforcement, criminal justice, public benefits administration, education, and employment pose the most significant threats to digital civil rights in a generation. EPIC’s new members bring a wealth of knowledge and experience in educating the public and working to protect privacy and civil liberties against the various threats that exist today.

The new members are:

• John Abowd – Edmund Ezra Day Professor Emeritus of Economics, Statistics and Data Science at Cornell University. From 2016 – 2022, he served as Chief Scientist and Associate Director for Research and Methodology at the U.S Census Bureau, where he led a directorate of five research centers each devoted to domains of investigation important to the future of social and economic statistics.

• Emily M. Bender – Professor in the Department of Linguistics and faculty director of the CLMS program and the director of the Computational Linguistics Laboratory at the University of Washington. She is an Adjunct Professor in both the School of Computer Science and Engineering and the Information School at UW, and a member of the Tech Policy Lab, Value Sensitive Design Lab, and RAISE. In September 2023 she was included in the TIME100 AI list highlighting 100 individuals advancing major conversations about how AI is reshaping the world.

• Veena Dubal – Professor of Law at the University of California, Irvine School of Law. Her work encompasses a range of topics, including the impact of…

In comments filed this week with the National Telecommunications and Information Administration, EPIC urged the NTIA to focus its work around youth safety and privacy on “the harmful design practices and extensive data collection that perpetuate commercial surveillance of children and teens.”

As children and teens have come to spend more and more of their lives online, existing laws have failed to keep pace or to protect minors from harm. In the face of growing risks from AI and other emerging technologies, EPIC urged the NTIA to endorse safeguards like data minimization and a ban on targeted advertising to minors in its policy recommendations. EPIC also identified a wide range of risks that minors face from being active online, including privacy, psychological, and physical harms.

EPIC has longe advocated for heightened privacy protections for minors, including in educational and commercial settings. EPIC continues to back comprehensive privacy laws like the American Data Privacy and Protection Act (ADPPA) and state-level ADPPA that include special protections for minors.

The executive order also requires OMB to study how agencies’ collect, process, maintain, use, disseminate and dispose of commercial data in order to shape “potential guidance” on how to reduce individual privacy risks. 

“There’s never been a government-wide accounting like this of how agencies buy and use personal data from commercial vendors,” said John Davisson, director of litigation at the Electronic Privacy Information Center. 

Read more here.

Caitriona Fitzgerald, deputy director at the Electronic Privacy Information Center, a Washington, D.C.-based research center, said that California and Colorado have both done more to pass “strong privacy or tech oversight legislation.” 

“Unless you’re acting really deceptively or unfairly, there’s very few limits on what companies can collect about us,” she said. 

Read more here.

r

EPIC and a coalition of privacy, civil liberties, and civil rights groups urged Senate Majority Leader Chuck Schumer to refrain from including any short-term reauthorization of FISA Section 702 in the continuing resolution or any other “must-pass” legislation. A recent report by Wired indicated that the Senate planned to pass a short-term, straight reauthorization of Section 702 as part of must-pass legislation. A coalition of groups working to reform Section 702 stated, “In its current form, this authority is dangerous to our liberties and our democracy, and it should not be renewed for any length of time without robust debate, an opportunity for amendment, and—ultimately—far-reaching reforms.”

EPIC and a bipartisan coalition of privacy, civil liberties, and civil rights groups have launched a campaign to significantly reform Section 702 of the Foreign Intelligence Surveillance Act and related surveillance authorities.

There’s no question online privacy is a serious concern. Plaintiffs’ lawyers point to findings by the Electronic Privacy Information Center that show consistent support among Americans for stronger privacy laws, with nearly 9 in 10 adults saying they are “very concerned” about data privacy. 

Read more here.

Some privacy advocates say Commerce’s response doesn’t go far enough to alleviate concerns about human rights’ abuses. Calli Schroeder, senior counsel and global privacy counsel at the Electronic Privacy Information Center (EPIC), told The Register that the Feds should make public the full training guidance and all applicable policies, as well as the list of technology companies that received assistance from the ITA. 

“Frankly, I’m not sure this policy has any teeth or will meaningfully change the ITA’s actions. I can’t be. Because there is no transparency here,” Schroeder said. “It is unacceptable that the ITA are still not providing information on what companies they have provided trade assistance to or what countries were targets of these efforts.” 

Plus, it’s difficult for the US to hold any moral high ground while advocating for these products, she added. 

“Promoting the use of surveillance tech and spyware under the guise of ‘advocating for US businesses’ smacks uncomfortably of eroding global human rights for a profit,” Schroeder said. “The very nature of the technology makes it impossible to promote use of spyware in a way that does not threaten human rights values.”  

While a review process is “helpful,” the US has no business exporting things like spyware and facial recognition tech, and others, including advanced data analytics and automated license plate readers, should be added to the list, she said.  

“We’ve repeatedly seen this technology abused and, once exported, the ITA and the US as a whole has very little control over whether it will be abused or fall into the hands of repressive regimes,” Schroeder said. 

Read more here.