The White House on Wednesday receieved
a Freedom of Information Act (FOIA) request (PDF link) from two attorneys with the
Electronic Privacy Information Center
(EPIC), demanding that President Barack Obama release the text of what
they called a “secret” new cyber security law that appears to enable
“military deployment within the United States.”
The FOIA was filed in response to
an article that appeared in The Washington Post this week,
claiming that Obama issued a secret directive shortly before the
elections that empowers the military to “vet any operations outside
government and defense networks” for cyber security purposes.
However, because the exact text of the directive remains a secret,
nobody can really say exactly what it does. That was somewhat
disconcerting to American Civil Liberties Union legislative counsel
Michelle Richardson, who
told Raw Story on Wednesday that without the text, “it’s hard to see what they mean.”
President Obama has signed a secret directive that effectively
enables the military to act more aggressively to thwart cyberattacks on
the nation’s web of government and private computer networks.
Presidential Policy Directive 20 establishes a broad and strict
set of standards to guide the operations of federal agencies in
confronting threats in cyberspace, according to several U.S. officials
who have seen the classified document and are not authorized to speak on
the record. The president signed it in mid-October.
A
new report from the
Pew Research Center and the
Berkman Center for Internet & Society
finds that 81% of parents are concerned about how much information
advertisers can learn about their child's online behavior. Also, 69% of
parents of online teens are concerned about how their child’s online
activity might affect their future academic or employment opportunities.
And 63% of parents of teens ages 12-13 say they are "very" concerned
about their child's interactions with people they do not know online.
Many parents reported taking steps to address these risks, such as
talking to their children or helping them configure privacy settings.
The Federal Trade Commission is considering new privacy rules to
strengthen the Children’s Online Privacy Protection Act. EPIC strongly
supports the proposed changes. For more information, see
EPIC: Children's Online Privacy and
EPIC: Federal Trade Commission.
The National Security Agency has
responded to a
Freedom of Information Act Request from EPIC, seeking the public release of Presidential Policy Directive 20. The Directive, first reported by the
Washington Post,
is believed to expand the NSA's cybersecurity authority. In response to
EPIC, the NSA argued that the Agency does not have to release the
document because it is a confidential presidential communication and it
is classified by the NSA. EPIC is
litigating
similar claims against the NSA, including the release of NSPD 54, a
2008 presidential directive setting out the NSA’s cybersecurity
authority. In an official
statement
to Congress earlier this year, EPIC explained that the NSA was a “black
hole for public information about cybersecurity.” EPIC plans to appeal
the NSA's determination. For more information, see
EPIC: Cybersecurity Privacy Practical Implications,
EPIC: EPIC v. NSA - Cybersecurity Authority.
The Federal Trade Commission has released its performance and accountability
report
for 2012. The report summarizes the agency’s activities, shows how the
agency has managed its resources, and explains how it plans to address
future changes. Regarding consumer privacy, the agency cites the release
of a new privacy
report, the adoption of a
consent order with Facebook, and a $22.5 million
fine
against Google as its primary accomplishments . The Commission reported
that it acted on 90.6% of all consumer complaints that it received,
though it did not indicate how many of these actions concerned consumer
privacy. The agency’s goals for the coming year include “promot[ing]
stronger privacy protections through policy initiatives on a range of
topics such as data brokers, mobile devices, and comprehensive online
data collection.” Earlier this year, EPIC brought suit against the
Federal Trade Commission for its failure to enforce a 2011 consent
order. EPIC has also routinely urged the FTC to take account of public
comments when the agencies sets out proposed settlements and asks for
public comments. For more information, see
EPIC: Federal Trade Commission and
EPIC: EPIC v. FTC (Enforcement of Google Consent Order).
EPIC submitted
comments to the Federal Trade Commission on a recent
settlement
with Compete, Inc. The settlement arises from allegations that Compete
failed to adopt reasonable data security practices and deceived
consumers about the amount of personal information that its toolbar and
survey panel would collect. The FTC also charged Compete with deceptive
practices for falsely claiming that the data it kept was anonymous. The
proposed settlement requires Compete to obtain consumers’ express
consent before collecting any data through its software, to delete
personal information already collected, and to provide directions for
uninstalling its software. EPIC expressed support for the settlement,
but recommended that the FTC also require the Compete to implement Fair
Information Practices similar to the
Consumer Privacy Bill of Rights,
make the compliance reports publicly available, and develop a best
practices guide to de-identification techniques, as anonymization has
become more critical for online privacy. For more information, see
EPIC: Federal Trade Commission and
EPIC: Re-Identification.
In a
"friend of the court" brief, EPIC has urged the U.S. Supreme Court to limit the disclosure of personal information covered by the
Driver's Privacy Protection Act. At issue in
Maracich v. Spears
is a lower court's decision to allow disclosure of information stored
in state departments of motor vehicles. EPIC's amicus brief details the
staggering amount of personal information in driver's records,
particularly as a consequence of the REAL ID regulations. In Reno v.
Condon, the Supreme Court upheld the Constitutionality of the federal
law. EPIC filed an
amicus brief
in that case and said "The Drivers Privacy Protection Act safeguards
the personal information of licensed drivers from improper use or
disclosure. It is a valid exercise of federal authority in that it seeks
to protect a fundamental privacy interest." For more information, see
EPIC: Maracich v. Spears and
EPIC: The Driver's Privacy Protection Act.
The Senate has approved a House
bill to reauthorize the
SAFE WEB Act.
The SAFE WEB Act gives the Federal Trade Commission additional tools to
combat cross-border fraud, spam, and spyware. EPIC previously testified
before both the
House Committee on Energy and Commerce and the
Senate Committee on Commerce, Science and Transportation
on the SAFE WEB Act. EPIC said that it supported legislation that
safeguards privacy and ensures government oversight while enabling the
FTC to work more closely with consumer protection agencies in other
countries. For more information, see
EPIC: Federal Trade Commission.
The
House Subcommittee on Transportation Security is holding an oversight hearing this week,
"TSA's Recent Scanner Shuffle: Real Strategy or Wasteful Smokescreen?" The hearing announcement follows a decision by the TSA to remove the backscatter x-ray devices from major US airports. In a
statement for the record,
EPIC highlighted public concerns about the use of body scanners,
including health and privacy risks, and the failure of the TSA to take
public comments on the program. In July 2011, the federal appeals court
in Washington, DC
ruled that that the Department of Homeland Security must "act promptly" to receive public comments. For more information, see
EPIC: EPIC v. DHS (Suspension of Body Scanner Program),
EPIC: Whole Body Imaging Technology and Body Scanners ("Backscatter" X-Ray and Millimeter Wave Screening) and
EPIC: EPIC: Body Scanner FAQ.
Following a
Washington Post report of a new cyber security directive, EPIC has filed a
Freedom of Information Act request for the release of
Presidential Policy Directive 20.
The Directive is believed to expand cyber security authority for the
National Security Agency. EPIC is pursuing several FOIA cases, including
the
release of NSPD-54,
an earlier Directive that gave NSA authority to conduct surveillance
within the United States. EPIC has also sought public release of the
technical arrangement between the NSA and Google that was adopted in
January 2010. Federal
law
prevents the National Security Agency, a component of the Department of
Defense, from conducting operations within the United States. For more
information, see
EPIC: Cybersecurity Privacy Practical Implications,
EPIC: EPIC v. NSA - Cybersecurity Authority, and
EPIC v. NSA: Google / NSA Relationship.
In
comments
the Department of the Interior, EPIC has urged the federal agency not
to weaken the Freedom of Information Act (FOIA) as it has
proposed.
The Interior Department is considering regulations that would place new
burdens on FOIA requesters by: (1) terminating FOIA requests, (2)
denying FOIA requests without providing justifications as required by
law, and (3) withholding the identity of agencies to which the
Department refers FOIA requests. EPIC said that the Interior
Department's proposal would undermine the open government law, is
contrary to law, and the views expressed by the President and the
Attorney General about the FOIA. EPIC routinely comments on agency
proposals that impact the rights of FOIA requesters. In 2011, EPIC
submitted
extensive comments to the Department of Justice, warning the agency not to erect new obstacles for FOIA requesters. For more information, see
EPIC: Open Government.
No comments:
Post a Comment