Dec 062009
 

Back in September, PogoWasRight.org reported that EPIC.org had filed a complaint with the FTC about EchoMetrix, a developer of software for monitoring of online activity. As reported at the time, EPIC alleged that EchoMetrix analyzes the information collected from children and sells the data to third parties for marketing or intelligence purposes while claiming it protects children’s online privacy.

As a consequence of that complaint, the Department of Defense canceled its contract with Echometrix.  EPIC.org reports:

Documents obtained by EPIC, pursuant to a Freedom of Information Act (FOIA) request, revealed the Defense Department canceled a contract with Echometrix, following an EPIC complaint to the Federal Trade Commission earlier this year. According to the documents obtained by EPIC, the Army and Air Force Exchange Service  [AAFES] pulled My Military Sentry, which collects data for marketing purposes, from its online store: “The collection of AAFES customer information (personal or otherwise) for any other purpose than to provide quality customer service is prohibited . . . . Giving our customers the ability to opt out does not address this issue.”

According to the documents obtained under FOIA, on October 14, Matthew McCoy, Manager of the Exchange Mall e-mailed EchoMetrix’s head of business development and retired Lieutenant Colonel Kevin Sullivan, founder of Leading Points Corporation, their marketing agent:

I was forwarded the attached complaint submitted to the FTC by EPIC. It is very unfortunate that you did not inform me of this issue. Our customers’ privacy and security is very important to us, and we trust our Mall Partners to maintain the security of our customers.

I have removed your site, and it will remain offline until this matter with EPIC and the FTC is resolved.

In a back-and-forth exchange of e-mails, EchoMetrix provided information on its policies and assured AAFES “Again there is no matter with the FTC to resolve.” Despite their confident assurance, on October 27, McCoy informed them that Sentry Parental Controls was removed from the Exchange Online Mall.

But while I was waiting for a response from EchoMetrix before posting this story, Jaikumar Vijayan of Computerworld beat me to the punch and has more on the story. You can read his coverage here.

Update: I just received this statement from EchoMetrix, which I am reproducing in its entirety. It’s the same statement Computerworld received:

Echometrix does not collect personally identifiable information or expose the source of any digital content. The company has never and will never collect, distribute or sell personal information as defined by COPPA (the Children’s Online Privacy Protection Act).

Jul 282009
 

The Office of Management and Budget is seeking public comments on the use of Web tracking techniques on federal government websites. Government agencies are currently prohibited from using persistent identifiers, such as cookies, except when there is a compelling need. EPIC, in comments to the President’s Office of Science & Technology, said that the government should not track users who are seeking online access to public information. EPIC is also pursuing a FOIA request concerning the transfer of personal information collected by federal agencies to private vendors. Comments are due to OMB by Aug. 10, 2009. Suggestions may also be submitted at the OSTP blog. For more information on persistent tracking, see EPIC Cookies.

Source:  EPIC.org

Jun 242009
 

EPIC.org reports that the Transportation Security Administration has replied to the Privacy Coalition statement on backscatterwhole body imaging systems. The letter, signed by Acting Administrator for TSA, Gale Rossides, identifies all of the protections that WBI has in place.   But it really doesn’t address the biggest concerns about the potential for the misuse and the fact that this system is no longer being used for secondary screening purposes but for primary screening purposes.

Even if the screener cannot match the naked image of a passenger with the actual passenger, do you think it’s neccessary for TSA to use such intrusive and embarrassing search methods?

Jun 182009
 

From EPIC.org

With ID theft rapidly increasing in the United States, EPIC Executive Director Marc Rotenberg urged a Congressional Committee to address the root causes of the problem. In a testimony before the House Oversight Committee, Mr. Rotenberg said that the government typically acts only after the crime has occurred and warned that the problem will get worse if current trends continue. EPIC recommended a comprehensive strategy for ID Theft that would include: (1) Establishing privacy safeguards for web 2.0 services; (2) Ensuring privacy protections for outsourcing; (3) Enacting comprehensive privacy legislation; (4) Making privacy protection a focal point of cybersecurity policy; and (5) Developing better techniques for Identity Management.