Both branches of Congress have now passed a bill governing the security of the Internet of Things. The "Internet of Things Cybersecurity Improvement Act of 2019" sets baseline cybersecurity standards for IoT devices purchased by the federal government. The bipartisan measure is sponsored by Rep. Will Hurd (R-Texas) and Rep. Robin Kelly (D-Ill.) in the House and Sens. Mark Warner (D-VA) and Cory Gardner (R-CO) in the Senate. "While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security," said Sen. Warner. The bill now heads to the President's desk for signature. EPIC recently told Congress that "the IoT network is the weak link in consumer products" and urged the establishment of of mandatory privacy and security standards.
The Los Angeles Police Department (LAPD) issued a moratorium on the use of third-party commercial facial recognition systems including Clearview AI. However, the LAPD will continue to use a Los Angeles County system which searches booking images. LAPD officers have used Clearview AI at least 475 times since 2019. Clearview AI is a particularly dangerous facial recognition system because it queries a database of over 3 billion images scraped from social media sites, compromising the privacy of more individuals than smaller-scale systems. EPIC recently filed a Freedom of Information Act lawsuit seeking information on Immigrations and Customs Enforcement's (ICE) use of Clearview AI. EPIC leads a campaign to Ban Face Surveillance.
EPIC has filed an amicus brief in Massachusetts Attorney General v. Facebook urging the Massachusetts Supreme Judicial Court to require Facebook to disclose information about third-party apps that violated user privacy protections. The Attorney General requested the information as part of an investigation into the 2018 Cambridge Analytica scandal. EPIC wrote that Facebook has been obligated to collect information about user privacy abuses for more than a decade but failed to do so in this case until threatened with litigation. As a consequence, EPIC argued, if the company is allowed to keep this information secret, "Facebook will continue to evade accountability and the harmful effects of Facebook's business practices could go undetected." EPIC argued that Facebook has had a long pattern of secrecy, and that Facebook now "knows a shocking amount about each of its users, but its users know shockingly little about Facebook." EPIC has long sought accountability for Facebook's broken privacy promises. EPIC filed the original FTC Complaint in 2009 that led to the FTC's 2012 Consent Order with the company, subsequently filed several complaints alleging violations of the Order, urged the FTC to investigate the Cambridge Analytica incident, and moved to intervene in and filed an amicus brief challenging the FTC's 2019 settlement with Facebook.
