Profile: The EPIC quest to build privacy rights on a foundation of integrity

In the first of an occasional series on the world’s leading privacy organisations, Simon Davies looks at the Washington DC-based Electronic Privacy Information Center (EPIC).

In the eyes of the US government, King Henry 11’s famous outburst “Will no-one rid me of this meddlesome priest” could well have been intended for the Electronic Privacy Information Center (EPIC). Over the past twenty-three years this tenacious NGO has been an enduring thorn in government’s side.

From its earliest days, the organisation became obsessed with discovering the keystone issues upon which strong privacy – or endemic intrusion – depend. That meant carefully selecting its battles. Case Law precedent was crucial, but so too was the challenge of winning the hearts and minds of the American public.

EPIC’s activism casts a very wide net and its mandate goes beyond the traditional scope of privacy rights. For example this year, responding to President Trump’s interference in State voter oversight, the group immediately launched a stinging series of legal actions to block the White House initiative. This followed EPIC’s influential intervention in the scandal over Russian interference in the 2016 election.

EPIC’s Marc Rotenberg: aligning strategy with principle

These were just a couple of activities in a litany of high-profile actions by the group. In 2017 alone, EPIC succeeded in forcing the transport company UBER to back off from putting its customers under surveillance. It pursued the release of Trump’s tax records, intervened in surveillance actions by the FBI and the DHS and created dozens of actions that have gone to the heart of government intrusion. These range from regular Congressional testimony, submissions, petitions and statements to FOI requests and Amicus briefs. Little wonder that even back in 2000, Britain’s Daily Telegraph newspaper described the organisation as “wonderfully subversive”.

That being so, it could never be said that EPIC is revolutionary or even radical. It sticks fiercely to the Rule of Law and plods a meticulous path through the legal system. Through a strong ethical foundation and a belief in Truth to Power, it has succeeded where many others have given up due to disillusion or fatigue. Nonetheless, in some respects, EPIC defies definition, which has turned out to be one of its core strengths.

Still, the reputation articulated by the Telegraph is well deserved. EPIC has an active presence in a huge number of advisory groups, committees, planning fora and expert structures. This activity isn’t limited to US territory. The organisation is influential in international groups such as the OECD and UNESCO.

Even just at the regulatory level, EPIC has filed many successful consumer privacy complaints with the US Federal Trade Commission, targeting Snapchat (faulty privacy technology), WhatsApp (privacy policy after its acquisition by Facebook), Facebook (changes in user privacy settings), Google (the roll-out of Google Buzz), Microsoft (Hailstorm log-in), and Choicepoint (over the sale of personal information to identity thieves).

The early days

It was the Spring of 1993 and in Washington DC, a brilliant young lawyer – Marc Rotenberg – was trying to figure out how best to engage the fledgling world of privacy. With a grounding in Computer Professionals for Social Responsibility (CPSR) he knew back then what most others did not: privacy was going to be a huge issue – and it needed strong and highly organised advocates.

From its earliest days, the organisation became obsessed with discovering the keystone issues upon which strong privacy – or endemic intrusion – depend. That meant carefully selecting its battles. Case Law precedent was crucial, but so too was the challenge of winning the hearts and minds of the American public.

US media was already on top of some of the privacy strands: Caller Number ID, biometrics, identity cards, government infiltration of technology, CCTV, Fourth Amendment rights FBI surveillance and Opt-out. These had played out in the public arena for some years, but the reporting often lacked an adversarial dynamic that would, in time, bring the issues to life for the majority of Americans – and for US case law.

By the following year, Rotenberg had established EPIC. It was a tough road. Grant-giving organisations such as the Ford Foundation had at that point still not grasped the importance of privacy. Those were the days when advocates still needed to motivate and educate funders about the meaning of privacy.

Still, from its new Pennsylvania Avenue office, the new organisation thrived. There were a hundred issues in the public domain, and within two years EPIC somehow found the resources to engage many of them. Rotenberg – a three-time Washington DC chess champion – brought his strategic nous to organisational development.

This was a “Crossroads” moment in the history of privacy advocacy. Rotenberg and EPIC had made a decision – based on ethics and pragmatism – from the earliest days to avoid corporate support. Interestingly, at the time, it shared office space with the Center for Democracy & Technology (CDT), an influential organisation that started operations later in 1994 and which had no issue with such sponsorship. There was an immediate conflict of approach, but – more important – a question of how the US privacy movement should be positioned. Thankfully, starting with the Fund for Constitutional Government and others, privacy soon became a program stream for many philanthropic foundations.

EPIC’s effort, right at the birth of US advocacy, had – even then – found many supporters. Quite a few of those supporters congregated at the annual Computers, Freedom & Privacy (CFP) conference. There were publishers and analysts such as Evan Hendricks from Privacy Times and Bob Ellis Smith from Privacy Journal. The ACLU, through Janlori Goldman, was getting more heavily involved, while academics such as Georgetown’s Mary Culnan were deeply focused on specific privacy issues. In many respects, the US was way ahead of the world.

From the start, EPIC realised that the strategic use of Freedom of Information (FOI) requests would be crucial to opening up government, and they soon became the experts in that endeavour. In Colin Bennett’s book The Privacy Advocates, Rotenberg said “our FOI requests typically tend to be fairly surgical. We are not going to write to the Department of Homeland Security and say please give us all the documents regarding government proposals that implicate privacy interests. There’s really no point.”

There was substantial support within the EPIC family for this complex undertaking. We who worked overseas knew them as “The Dynamic David’s” – David Banisar, David Sobel and David Burnham. Together with Rotenberg, they achieved an unprecedented penetration of the FOI mechanism. Even now, EPIC is ranked fifth nationally for FOIA activity among all advocacy groups in all sectors.

Sticking to core principles

Of course there were those who felt EPIC’s work was too grounded in law and legal principle. It was a time, at the dawn of the 21st century, when advocates were being drawn to slick messaging and social media. All the same, EPIC stuck true to its faith in history and constitutional integrity as the foundation for its work.

The acid test for this approach came on 9/11. The US went into meltdown, and for a while it seemed that privacy was doomed. However the ethical and intellectual pillars offered by EPIC helped galvanize the resolve of key lawmakers to preserve America’s fragile protections.

In his 2001 report, Rotenberg argued: “You may think we would be discouraged. But this is the work of democracy. We don’t have the time, the luxury or the opportunity to be discouraged.”

And, referring to the clamour for an adjustment to the equation of privacy and security, Rotenberg opined:

(D)emocratic government doesn’t work that way. Constitutional democracies do not prosper on that idea, you cannot give over to others the shared responsibility for ensuring freedom and security. Democracy requires oversight and accountability. It requires asking hard questions. And it requires affirming basic political rights, even in a time of crisis: to express dissent, to question military action, and to oppose the expansion of executive authority. There will be disagreements in these debates. But these are debates that democracy does not simply make possible; these are debates that democracy requires.”

It was a great battle-cry for the preservation of freedom, and it stands today as relevant as it was back then.

 * * * * * * * * * * * *

Simon Davies is an EPIC International Fellow and is publisher of the Privacy Surgeon