In advance of the hearing on Russian Interference with the 2016 U.S. Election, EPIC has sent a statement to the Senate Intelligence Committee. EPIC urged the Committee to ask the FBI witness whether the FBI Victim Notification procedures were followed once the FBI became aware of the Russian cyberattack on the DNC and the RNC. In a Freedom of Information Act lawsuit EPIC v. FBI, EPIC obtained the FBI notification procedures that would have applied during the 2016 Presidential election. The documents indicate that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community." The obvious question at this point, said EPIC, is whether the FBI followed the required procedures for Victim Notification once the Bureau became aware of this attack. In a related FOIA case, EPIC v. ODNI, EPIC is seeking the public release of the complete report of the intelligence community on the Russian interference with the 2016 election. EPIC sent a similar letter to the House Intelligence Committee.
EPIC has sent a statement to the House Appropriations Committee in advance of a hearing on the FBI's budget. EPIC urged the Committee to examine the FBI's Next Generation Identification program. EPIC explained that the program "raises far-reaching privacy issues that implicate the rights of Americans all across the country." The FBI biometric database is one of the largest in the world, but the Bureau proposed to exempt the database from Privacy Act protections. EPIC and others supported strong safeguards for the program. In an early FOIA case against the FBI, EPIC obtained documents which revealed high error levels in the biometric database. EPIC has recently filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
In advance of a White House / OSTP meeting on "emerging technologies," EPIC has sent a statement to the Office of Science and Technology Policy. EPIC urged the Administration to focus on consumer protection and address the numerous privacy and security risks related to the "Internet of Broken Things." EPIC recommended recommended Privacy Enhancing Technologies, data minimization, and security measures for Internet-connected devices. EPIC also urged the Administration to issue regulations on drone privacy as mandated by Congress and to establish minimum safety standards for connected cars. EPIC warned that "The unregulated collection of personal data and the growth of the Internet of Things has led to staggering increases in identity theft, security breaches, and financial fraud in the United States."