EPIC announced the addition of ten members to its Advisory Board. As EPIC celebrates our 30th  anniversary, we are thrilled to continue to grow our network of leading scholars, experts, and advocates in the privacy, civil liberties, and cybersecurity space, whose knowledge we draw on to inform and advance our work.

The new members are: Jim Balsillie, Lorrie Cranor, Serge Egelman, Leah Fowler, Susan Landau, Jessica Levinson, Dawn Nunziato, Spencer Overton, Andrew Selbst, and Zephyr Teachout.

FTC Investigates Surveillance Pricing Practices of Eight Companies
The Federal Trade Commission announced an investigation into the surveillance pricing practices of eight companies under its 6(b) authority. Vast troves of personal information feed these privacy-invasive practices with little to no oversight. Surveillance pricing allows businesses to algorithmically exploit consumers’ sensitive information to charge them higher prices.

Google Backtracks on Its Promise to Deprecate Third-Party Cookies
Google announced that it no longer plans to stop supporting third-party cookies on its browser, Google Chrome. Cookies are small text files placed onto a user’s computer by a party other than the website the user chooses to visit. Third-party cookies follow users around the internet, remembering their previous activities and providing detailed information about the user’s browsing history to advertisers. Google is the only remaining major browser that supports third-party cookies—Apple’s Safari began to block third party cookies by default in 2017, and Mozilla’s Firefox did the same in 2019. 

EPIC Joins NCLC-Led Coalition Defending FCC Rule That Prohibits Sale of Robocall Consents
EPIC and the National Consumer Law Center, along with Consumer Federation of America, Public Knowledge, and U.S. PIRG, filed an amicus brief in support of the Federal Communication Commission in Insurance Marketing Coalition Ltd. v. FCC, an Eleventh Circuit case challenging the FCC’s rule establishing that a phone subscriber can only provide consent to be robocalled to one seller at a time. 

Ninth Circuit Signals That a Reasonable User Cannot Consent to Data Collection Via Confusing and Contradictory Privacy Disclosures
This month, the Ninth Circuit heard oral argument in Google v. Calhoun, a case about whether users really consented to Google’s collection and sharing of their personal data in light of contradictory statements made in Google's published policies. In an amicus brief filed in the case, EPIC explained that consumers cannot be said to have consented to data practices that Google specifically promised not to engage in under its privacy policy—even though Google separately disclaimed liability in its general privacy disclosure. During arguments, the judges signaled agreement with EPIC’s position.

FCC Reduces Rates for Prison Phone Calls, Prohibits Charging Families for Surveillance
The Federal Communications Commission voted to enact regulations implementing the Martha Wright-Reed Just and Reasonable Communications Act. The new rules effectively halve the cost of phone and video calls to jails, prisons, and immigration detention centers. Incarcerated people, their friends, and families will save more than $500 million per year. Based on comments from EPIC and other advocates, the Commission adopted recommendations to: only charge inmates and their families for services that are “used and useful” to them, prohibit site commissions (kickbacks to jails that raise the cost of calls), cap the maximum allowable charges for voice and video calls, and guarantee free Telecommunications Relay Services for persons with disabilities.

EPIC Joins Public Knowledge in Supporting FCC Rule that Prohibits Digital Discrimination in Broadband Accessibility
EPIC joined Public Knowledge’s amicus brief in support of the Federal Communications Commission in Minnesota Telecom Alliance v. FCC, an Eighth Circuit case challenging the FCC’s rule prohibiting discrimination in access to universal communications services, such as discrimination in broadband deployment.

EPIC Amicus: Foreign Spyware is Not Exempt from Prosecution Under the CFAA
EPIC urged the Ninth Circuit to recognize that the Northern District of California has jurisdiction to hear a case brought by foreign journalists whose devices were hacked using Pegasus, a spyware application produced by Israeli company NSO Group. EPIC’s amicus explains that U.S. courts have jurisdiction because Computer Fraud and Abuse Act (CFAA) applies extraterritorially, there is a substantial local interest in prosecuting foreign hackers because the exploitation of American infrastructure undermines user trust in platforms, and that individual victim cases are vital to giving the CFAA full effect.

EPIC, Coalition Call for Meaningful Guardrails for the use of AI in National Security Systems
EPIC joined several other organizations on a letter to urge the Biden Administration to establish meaningful standards for the use of AI in the national security context. The coalition argued that “without proper guardrails on the use of AI in national security systems, the National Security Memorandum risks endangering U.S. national security, rather than protecting it.” The coalition advocated for the OMB guidance to be the baseline for the National Security Memorandum and include certain transparency, assessment, testing, oversight, and procurement requirements, among other requirements, for the use of AI in national security systems. 

EPIC Urges PCLOB to Take Deep Dive on Intelligence Community’s Use of AI in Counterterrorism
EPIC submitted comments to the Privacy and Civil Liberties Oversight Board (PCLOB)’s request for written submission on the role of artificial intelligence in counterterrorism. EPIC urged the PCLOB to thoroughly investigate the Intelligence Community’s practices in development, procurement, and deployment of all AI systems, not just those that would replace or replicate human behavior.

Utah Federal District Court Beats Back NetChoice’s Typically Overbroad Section 230 Arguments
In an order granting Utah’s motion for summary judgment, a federal district court in Utah rejected common tech industry arguments that seek overly broad protections against lawsuits through similarly overbroad interpretations of Section 230. Crucially, this beats back tech industry arguments that the way they design their platforms cannot be regulated. Content-neutral design regulations are an effective, constitutional, and increasingly frequent way in which legislatures are attempting to protect users.

Ninth Circuit Signals Mixed Bag for Litigants in NetChoice v. Bonta and X v. Bonta
The Ninth Circuit heard oral argument in two important First Amendment challenges to California platform governance laws: NetChoice v. Bonta and X v. Bonta. The Ninth Circuit panel that heard the cases seemed influenced by the U.S. Supreme Court’s recent decision in Moody/Paxton, which held that that First Amendment challenges to platform regulations need to be specific and facial challenges carry a big burden.

SCOTUS Will Hear Texas Age-Gating Case
The Supreme Court granted cert in a case challenging the constitutionality of a Texas law that requires users to verify their ages before accessing websites where more than one-third of the available material is sexually explicit.

Supreme Court Deals Blow to Big Tech’s Campaign to Immunize Itself from Regulation
The Supreme Court’s decision in the NetChoice cases is a huge loss for NetChoice. The Big Tech trade group sought a pronouncement that platform design choices are wholly protected expression, but the Court refused to take the bait. Instead, the Court took the approach that EPIC advocated in its amicus brief: to the extent that the decision recognizes any protected editorial judgment for platforms’ decisions about whether and how to display content, it is narrowly confined to decisions that reflect a company’s judgements about the content, and does not include content-neutral design decisions.

EPIC Urges FCC to Protect Data of Callers to the 988 Crisis Hotline System
EPIC urged the FCC to protect and reassure 988 callers by prohibiting the collection of geolocation information, by prohibiting carriers from disclosing caller data, and by requiring carriers and vendors to meet basic cybersecurity standards.

EPIC and 48 Civil Society Organizations Send Joint Statement to New EU Presidency to Withdraw CSA Regulation that Would Break Encryption
EPIC and 48 civil society organizations sent a joint statement to the new president of the EU reiterating our concerns over the proposed Child Sexual Abuse (CSA) Regulation which would break encryption and introduce client side scanning on all devices. The letter calls on the Council and the EU Parliament to demand that the Commission withdraw the draft CSA Regulation.