Last week, Pennsylvania’s State Supreme Court ordered election officials not to count so-called “naked ballots” in the 2020 Election. These are mail-in ballots that arrive without an inner secrecy envelope. Pennsylvania's two-envelope ballot system includes a "secrecy envelope" that does not have personally identifiable information. The purpose of the secrecy envelope is to ensure that voter privacy is protected, but the state Supreme Court has now ruled that failure to lose the envelope would invalidate a ballot. There is a concern that voters who are submitting their ballots by mail for the first time might not understand the two-envelope system. The state has committed to increasing voter outreach and education to ensure that voters understand the need to use the secrecy envelope. Voters should check the Pennsylvania Mail-in & Absentee Ballots webpage and instructional video for more information on how to properly vote by mail. If Pennsylvania voters provide their email when registering for a mail-in ballot, they can receive ballot application and processing information. Voters can also track the status of their ballots online. Pennsylvania voters' mail-in ballot must be postmarked or returned to a designated drop off location by 8pm on Election Day. Anyone who is voting by mail or absentee should track the status of their ballots, and EPIC recently launched an interactive map to link voters to their state election resources.
In a report, the Department of Homeland Security's Office of Inspector General found that Customs and Border Protection failed to safeguard pictures of travelers obtained for a facial recognition pilot program, the Biometric Entry-Exit Program. The pictures were exposed in a data breach of a CBP subcontractor, Perceptics, LLC. OIG found that the CBP failed to undertake sufficient information security practices to prevent Perceptics from obtaining the data. At least 17 of the images were ultimately released on the dark web. EPIC leads an ongoing campaign to Ban Face Surveillance. In 2018 EPIC urged CBP to suspend its Biometric Entry-Exit Program. EPIC previously obtained documents on that program through a FOIA lawsuit.
In a statement to the Senate Commerce Committee before a hearing on the need for federal privacy legislation, EPIC urged lawmakers to establish an independent U.S. Data Protection Agency. EPIC laid out the FTC's typical privacy playbook: consent decrees, infrequent penalties, and no meaningful changes in business practices. "The FTC does not have the motivation or the tools necessary to enforce meaningful privacy and data protection rights in 2020," EPIC said, pointing to settlements the FTC had reached with Facebook, Google, YouTube, Uber, and Equifax. EPIC also noted the FTC's failure to use its existing authority to regulate privacy, including its rulemaking authority under Section 5 to establish stronger data security standards. "If the FTC fails to use these authorities, then the Commission is not capable of protecting Americans’ privacy, and the Commission should no longer be trusted to do so," EPIC stated. EPIC urged the Committee to hold a hearing on and give a favorable report to S. 3300, the Data Protection Act filed by Senator Gillibrand, which creates an independent U.S. Data Protection Agency.