The Federal Communications Commission (FCC) released its National Broadband Plan today. The FCC notes that “many users are increasingly concerned about their lack of control over sensitive personal data" and warns that "Innovation will suffer if a lack of trust exists between users and entities with which they interact over the internet.” The FCC makes several recommendations, but there is no clear plan to address growing concerns about cloud computing, smart grids and unfair and deceptive trade practices. Last year, EPIC urged the FCC to develop a comprehensive strategy for online privacy as part of the national broadband strategy.
At the third FTC Privacy Roundtable, EPIC senior counsel John Verdi will recommend that the Commission push forward with effective and meaningful privacy safeguards for American consumers. Mr. Verdi will say that the "notice and choice" approach has failed, and will recommend that the FTC enforce Fair Information Practices, such as the OECD Privacy Guidelines. The discussion can be viewed via webcast. Additional information on the FTC roundtable event can be found here. For more information, see EPIC In re Google Buzz, EPIC In re Facebook, and EPIC In re Google and Cloud Computing.
Senators Patrick Leahy and John Cornyn introduced the Faster FOIA Act, which would establish a panel to examine agency backlogs in processing FOIA requests. Government reports reveal substantial agency delays in disclosing FOIA records. The bill comes at the beginning of Sunshine Week, a national observance of the importance of open government. EPIC makes frequent use of the FOIA to obtain information about privacy issues. EPIC celebrated Sunshine Week by publishing the EPIC FOIA Gallery: 2010. For more, see EPIC: Open Government and EPIC Bookstore: FOIA.
In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2010. The gallery highlights key documents obtained by EPIC in the past year, including records detailing the privacy risks posed by airport body scanners, fraudulent "parental control" software, and federal agencies' contracts with social networking web sites. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.
EPIC has been asked to testify before the Subcommittee on Transportation Security and Infrastructure Protection on Wednesday, March 17, 2010. The hearing will examine "An Assessment of Checkpoint Security: Are Our Airports Keeping Passengers Safe?" EPIC is expected to discuss the documents it has recently obtained in an open government lawsuit against the DHS. For more information, see EPIC: Whole Body Imaging.
Netflix canceled its second $1 million Netflix Prize after privacy concerns from the FTC and a federal lawsuit alleging invasion of privacy and violations of the Video Privacy Protection Act. The Netflix contest challenged contestants to find a superior movie-recommendation algorithm from “anonymized” datasets that included movie ratings, date of ratings, unique ID numbers for Netflix subscribers, and movie information. In 2006, during the first Netflix Prize contest, researchers conducted a study that revealed if a person has information about when and how a user rated six movies, that person can identify 99% of people in the Netflix database. After productive discussions with the FTC over reidentification concerns which stemmed from this study, Netflix and the federal agency reached an understanding on how Netflix would use user data in the future. Netflix also settled the VPPA lawsuit. For more information, see EPIC: Reidentification.
The National Security Archive at George Washington University has released the results of its annual government-wide FOIA audit. The audit tested agency responsiveness to President Obama's new directives on government transparency and openness. The Archive report concluded that less than half of federal agencies have responded to the new open government directives with concrete changes, and only four agencies "show both increases in releases and decreases in denials under the FOIA." Attorney General Eric Holder spoke today about the administration's FOIA record. For more information, see EPIC Open Government.
In formal comments, EPIC urged the California Public Utility Commission to adopt privacy safeguards for Smart Grid systems to protect consumer electricity usage information from unauthorized collection, use, and disclosure. Smart Grid networks uniquely identify individual electrical appliances, and create new privacy risks. EPIC recommended that policies be established to protect consumer data, including limitations on data collection, new security standards, and independent oversight. For more information, see EPIC: Smart Grid.
Massachusetts’s new data protection law went into effect at the beginning of March. The law applies to all companies that own or license the personal information of Massachusetts residents. According to the new regulations, companies are now required to create a comprehensive security program that details how personal information will be safeguarded. Governor Deval Patrick stated, “Consumers should feel confident that their personal information is protected, and not exposed to loss or theft. These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.” For more information on privacy and identity theft, see EPIC: Identity Theft.
On March 2, 2010, the German Federal Constitutional Court ruled that a law allowing law enforcement authorities to store telephone and Internet data is inconsistent with the right to privacy under the German Constitution. The law allows data on calls and e-mail exchanges to be retained for six months, and made available for use by criminal authorities. The court found that the law went beyond the original intent of the directive the European Union enacted in March 2006. EPIC has documented the impact of data retention requirements. For more information, see EPIC’s webpage on data retention.
In response to an EPIC Freedom of Information Act lawsuit, the Department of Homeland Security and the Transportation Security Administration (TSA) released more documents about body scanners in US airports. The documents include many complaints from travelers who went through the devices. Travelers reported that they were not told about the pat down alternative or that they were going to be subject to a body scan by TSA officials. Travelers also expressed concern about radiation risks to pregnant women and the image capture of young children without clothes. EPIC has previously obtained whole body imaging vendor contracts, operational requirements, and procurement specifications from TSA. EPIC and Ralph Nader have urged President Obama to suspend the program until an independent review is completed. For more information see EPIC: Whole Body Imaging Technology.
The FTC has sent a letter to EPIC regarding the February 2010 EPIC complaint about Google’s recently launched social networking tool, Google Buzz. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises interesting issues that relate to consumer expectations about the collection and use of their data.” Further, the FTC Director highlights the importance of having consumers “understand how their data will be used” and allowing consumers the “opportunity to exercise meaningful control over such uses.” EPIC has since filed an amended complaint with the FTC that describes how Google Buzz violated Google’s own privacy policy for Gmail. For more information, see EPIC: In re Google Buzz.
EPIC FOIA Note #16: 
