Landau, "A Gateway for Hackers:
The Security Threat in
the New Wiretapping Law"

EPIC, Media, Civil Liberties and Immigration Groups
Urge NPR to Drop Promotion for E-Verify
In a letter to National Public Radio, EPIC, the ACLU, the National
Immigration Law Center and Free Press have urged the NPR Ombudsman to discontinue a promotion for the controversial "E-Verify" program. The ad is running as a result of underwriting support from the Department of Homeland Security, but NPR guidelines allow only identification and not promotion for underwriters. See EPIC "Spotlight on Surveillance: E-Verify System - DHS Changes Name, But Problems Remain for U.S.
Workers." (Dec. 1)

Senator Leahy Presses Justice Department on Telephone Privacy
Senator Patrick Leahy has asked the Department of Justice to provide information about investigations and prosecutions under the federal law that prohibits viewing confidential phone records information, following reports that Verizon employees improperly accessed President-elect Obama's cell phone records. The employees were dismissed but no criminal investigation was pursued. In 2007, EPIC testified before Congress on fraudulent access to phone records and urged Congress to establish stronger safeguards. For more information, see EPIC's illegal sale of phone records page. (Nov. 25)

Court Upholds New Hampshire Prescription Privacy Law
Today, the First Circuit Court of Appeals upheld a New Hampshire law that bans the sale of prescriber-identifiable prescription drug data for marketing purposes. In August, EPIC and 16 experts in privacy and technology filed a "friend of the court" brief urging the federal appellate court to reverse a lower court ruling that delayed enforcement of the New Hampshire Prescription Confidentiality Act. The experts said the lower court should be reversed because there is a substantial privacy interest in patient data that the lower court failed to consider. The New Hampshire Attorney General also defended the law, calling pharmaceutical representatives "invisible intruder[s] in the physician's examination room." Data mining companies challenged the law, claiming that the privacy measure violated their free speech rights. For more information, see EPIC's IMS Health v. Ayotte page. (Nov. 18)

EPIC Complaint Leads to Halt of Stalker Spyware Distribution
Following an EPIC complaint, a federal court has ordered CyberSpy Software to stop selling malicious computer software. In March, EPIC filed a complaint with the Federal Trade Commission alleging that the spyware purveyor engages in unfair and deceptive practices by: (1) promoting illegal surveillance; (2) encouraging "Trojan Horse" email attacks; and (3) failing to warn customers of the legal dangers arising from misuse of the software. The federal regulators agreed, and asked the court for a permanent injunction barring sales of CyberSpy's "stalker spyware," over the counter surveillance technology sold for individuals to spy on other individuals. The court entered a temporary restraining order on November 6, 2008. Further litigation is expected before the court rules on the government's request for a permanent ban. For more information, see EPIC's Personal Surveillance Technologies page and Domestic Violence and Privacy page. (Nov. 17)

Google "Flu Trends" Raises Privacy Concerns
Google announced this week a new web tool that may make it possible to detect flu outbreaks before they might otherwise be reported. Google Flu Trends relies on individual search terms, such as "flu symptoms," provided by Internet users. Google has said that it will only reveal aggregate data, but there are no clear legal or technological privacy safeguards to prevent the disclosure of individual search histories concerning the flu, or related medical concerns, such as "AIDS symptoms," "ritalin," or "Paxil." Privacy and medical groups have urged Google to be more transparent and publish the algorithm on which Flu Trends data is based so that the public can determine whether the privacy safeguards are adequate. For more information, see EPIC's Google Flu Trends page. (Nov. 12)

Google, Yahoo Drop Deal After Antitrust Review
Today, Google, the internet's largest search engine, abandoned its planned advertising arrangement with Yahoo, a Google competitor. In June, the two internet search companies announced plans to coordinate the sale of online advertisements. The US Department of Justice scrutinized the deal, and expressed concern that the arrangement would eliminate competition for Internet-based advertising. Government lawyers said that,"if implemented, the agreement between these two companies accounting for 90 percent or more of each relevant market would likely harm competition" and threatened to file a lawsuit to scuttle the deal. In 2007, EPIC urged the Federal Trade to impose conditions in a similar merger review, involving Google and Doubleclick. The FTC failed to do so, raising concerns about the independence of the Commission. (Nov. 5)

In EPIC Case for Wiretap Memos, Federal Judge to Review Justice Department Documents
In EPIC v. DOJ, EPIC, the ACLU, and the National Security Archive are seeking government documents regarding the President's warrantless wiretapping program. Today, a federal court ordered the Department of Justice to provide for inspection copies of legal memos authored by government lawyers. The opinions, prepared by the Office of Legal Counsel, provided the legal basis for the President to wiretap US citizens in the United States without court approval. EPIC began the Freedom of Information Act lawsuit in December 2005, after the New York Times first reported the details of the wiretap program. For more information, see EPIC's EPIC v. DOJ page. (Oct. 31)

Senators Seek Details of Terrorism Interrogations, Domestic Surveillance Activities
Senator Patrick Leahy issued a subpoena requiring Attorney General Michael Mukasey to disclose information regarding the federal government's terrorism-related activities, including its warrantless surveillance program. The Senate Judiciary Committee Chairman's subpoena requires the Attorney General to make public documents regarding the spy scheme. Lawmakers have sought this information for more than five years, but state that their efforts have been stonewalled by Bush administration officials. "There is no legitimate argument for withholding the requested materials from this Committee," Senator Leahy wrote. In December 2005, EPIC demanded the release of memos regarding the program. Some of those documents were disclosed in response to an EPIC lawsuit. Others remain secret pending the resolution of the case. Documents obtained by EPIC reveal that a former top official doubted that the spy program was legal. For more, see EPIC's National Security Agency's Warrantless Surveillance Program page. (Oct. 27)

International Privacy Conference Draws Attendees from 68 Countries
More than 600 participants attended the 30th annual International Conference of Data Protection and Privacy Commissioners in Strasbourg, France. The conference explored "Protecting privacy in a borderless world" through high-level panels with government officials, business leaders, technical experts, and privacy advocates. Delegates called for increased international co-operation and emphasized that data protection must play a more prominent role in public and private institutions. The conference said, "in light of recent scandals all over the world, a strong independent supervision with tangible sanction powers is more necessary than ever." Privacy commissioners issued resolutions on several topics, including Children's Online Privacy, International Privacy Standards, and Privacy in Social Network Services. For a comprehensive survey of privacy developments around the globe, purchase EPIC's Privacy and Human Rights report. (Oct. 24).

European Parliament Challenges Body Scanners
European Union lawmakers have voted overwhelmingly to oppose the adoption of "body scanners," devices that produce images of people as if they were naked. The sponsors specifically identified the risk that the images of naked travelers would be retained by private vendors and government agencies. The European Parliament instructed the European Commission to carry out a fundament rights impact assessment, consult with European privacy authorities, assess the health impact of the technology, and conduct a cost-benefit impact assessment. For more information, see EPIC Backscatter X-Ray Screening Technology and EPIC Spotlight on Surveillance: Transportation Agency's Plan to X-Ray Travelers Should Be Stripped of Funding. (Oct. 23)

Homeland Security Clears Secure Flight but Watchlist Questions Remain
The Department of Homeland Security announced today the Final Regulations for the Secure Flight program. All airlines will now be required to collect date of birth and gender from customers and provide this information to the TSA for watchlist verification. A DHS Redress number, if previously issued, would also be collected. EPIC has warned in Congressional testimony that accuracy problems will continue to plague Secure Flight unless passengers are able to challenge the government's watchlist determinations. EPIC also recommended that the redress procedures be modified to limit data collection and to prescribe penalties for Privacy Act violations. For more information, see EPIC Secure Flight page and "Spotlight on Surveillance: Secure Flight Should Remain Grounded Until Security and Privacy Problems Are Resolved." (Oct. 22)

Supreme Court to Hear Argument in Identity Theft Case
Today, the Supreme Court announced that it will review a case that imposed enhanced criminal identity theft penalties on a person who presented an identity document that contained his own name. The Court will determine whether individuals who include identification numbers that are not theirs, but don’t intentionally impersonate others, can be subject to harsher punishments under federal law. In Flores-Figueroa v. United States, the petitioner challenged his conviction for “aggravated identity theft” under the Identity Theft Penalty Enhancement Act, stating that he did not commit identity theft when he used an identity document with his real name and an identity number that was not his to maintain employment. For more information, see EPIC's Flores-Figueroa page. (Oct. 21).

Previous Top News Archive

Spotlight on Surveillance

Proposed ‘Enhanced’ Licenses Are Costly to Security and Privacy

Hot Topics

December 2008
Automated Targeting System
Deep Packet Inspection
Domestic Surveillance
Facebook
FISA
Fusion Centers
Google/DoubleClick
Iraqi Biometric Identification System
Medical Record Privacy
National ID
National Security Letters
Open Government
Passport Privacy
Phone Records
Search Engine Privacy
Social Networking Privacy

EPIC Docket Highlights

December 2008
EPIC v. FTC
EPIC v. VSP (Fusion Centers)
EPIC FTC Complaint (Google)
Gonzales v. ACLU
EPIC v. DHS (passenger data)
EPIC v. DOJ (NSA surveillance)
EPIC v. DOJ (IOB reports)
EPIC v. DOD (TIA/fee waiver)
Illegal Sale of Phone Records

EPIC amicus briefs:
Bunnell v. MPAA (Wiretap)
Crawford v. Marion County (Voter ID)
Doe v. Chao (Privacy Act)
BATF v. Chicago (FOIA)
Watchtower Bible v. Stratton (Anonymity)
Reno v. Condon (DPPA)
Smith v. Doe (Megans Law)
Gilmore v. Ashcroft (Secrecy)
ACLU v. DOD (Secrecy)
Gonzales v. Doe (Wiretap)
Hepting v. AT&T (Wiretap)
Herring v. US (Errors in databases)
Hiibel v. Nevada (Anonymity)
IMS Health v. Ayotte
(Medical privacy)
Kehoe v. Fidelity Bank (Consumer privacy)
Kohler v. Englade (DNA)
NCTA v. FCC (Phone records privacy)
New Jersey v. Reid
(ISP subscriber privacy)
Peterson v. NTIA (WHOIS data)
US v. Councilman (Wiretap)

Complete EPIC Docket