yesIssie LapowskyNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

People

EPIC is in turmoil after its president took a coronavirus test without telling staff. It came back positive.

Employees say Marc Rotenberg put their health at risk and undercut EPIC's message.

EPIC President Marc Rotenberg

EPIC President Marc Rotenberg's employees say he put their safety at risk and undermined their organization's resistance to invasive coronavirus surveillance.

Photo: Mark Wilson/Getty Images

A chief critic of the tech industry's attempts to track coronavirus patients went to work and held meetings with employees after his doctor directed him to take a test for COVID-19 that subsequently came back positive.

Marc Rotenberg, the president and executive director of the Electronic Privacy Information Center in Washington, D.C., acknowledged in a memo to his staff and his board that he should have quarantined and alerted his staff that he was taking a coronavirus test on March 9, instead of continuing to work alongside them for two days.

But Rotenberg's apology hasn't quelled the anger of some EPIC employees, who say he not only put their safety at risk, but also undermined their organization's resistance to invasive coronavirus surveillance.

"He's out there saying privacy trumps surveillance," said one former employee who worked there at the time. "Every time he opens his mouth, what runs through my head is: We need more surveillance."

Internal documents and interviews with several current and former employees reveal that this incident has sparked an uprising within EPIC's small team of about a dozen people, with several employees resigning — including Rotenberg's deputy, Mary Stone Ross — following Rotenberg's dual revelation that he had COVID-19 and that EPIC was facing funding difficulties. Others have written to EPIC's board, asking for substantive changes to the organization's management structure.

Rotenberg meanwhile has continued to warn Congress and the public against embracing technological tools that use location data to enable widespread coronavirus surveillance without considering the privacy implications. "Sometimes people have an almost sacrificial sense about their privacy," Rotenberg told BuzzFeed News in an article published 19 days after Rotenberg received his results. "They say things like, 'Well, if it'll help save lives for me to disclose my data, of course, I should do that.' But that's actually not the right way to solve a problem."

Rotenberg has apologized to EPIC's staff, writing in a letter reviewed by Protocol, "I am genuinely sorry for the disruption, concern and worry I may have caused to you and your family. Please know that was never my intent. I tried my best to make good decisions, given the information I had. In retrospect, there is more I should have done."

Asked to comment, Rotenberg responded by accusing a former staff member of leaking the story to Protocol. Asked again to comment, he said: "I think I said what needed to be said."

It was direct contact tracing that first alerted employees that they had been exposed to the virus. On March 11, an EPIC employee emailed the rest of the team to say he'd received a call from the Washington, D.C., department of public health. A health official told him he may have come into contact with someone who tested positive for coronavirus. In the email, the employee let his colleagues know he'd be working from home and monitoring for symptoms in order to protect the rest of the EPIC team.

But then shortly after, another staffer followed up saying they'd gotten the same call. Then another. Then another. By the end of the day, all of the advocacy group's Washington, D.C.-based employees confirmed they'd received the same warning.

Rotenberg hadn't responded to the thread, but earlier in the day, he had emailed the staff, encouraging them to work from home. "Also, social distancing is a good practice," he wrote, according to an email reviewed by Protocol. He did not mention that his COVID-19 test had come back positive that very morning.

The staffers swapped stories, wondering who might have brought the virus into the office. Some theorized it was a mail carrier. Some wondered if it had been a journalist who recently visited. Others speculated that Rotenberg, who returned from a trip to Milan in late February, might have been the source.

The next day, on March 12, Rotenberg called the entire team to a Zoom meeting and confirmed that he had, in fact, tested positive for coronavirus. He also laid out a rough timeline of his recent medical history, according to interviews with people on the call. He told them he'd returned from Milan on Feb. 22, and registered a temperature of 99.5 on March 1. At the time, that was still below what the Centers for Disease Control considered to be a symptom. But on March 5, he contacted his physician about his temperature and his recent travel to Italy, after receiving guidance from Georgetown University, where he teaches. According to the account Rotenberg gave in his apology letter, his doctor initially didn't think he needed to be tested but changed course the following day. At that point, it was Friday, and Rotenberg later told the staff he was already on a plane about to depart for Miami for the weekend. So he scheduled a test for when he returned to D.C. on Monday, March 9.

Rotenberg went to the office that Monday, Tuesday and Wednesday, and left as soon as he received the call about his results Wednesday morning. But he didn't mention any of this to his staff until the Zoom meeting that Thursday.

"We were all a little shocked," said one former employee who was on the call. "There was no sense of apology, no humility, not even, 'I thought I was responsible at the time, but looking back I would have done things differently.'"

Then Rotenberg dropped another bomb, telling the staff that EPIC only had enough money to pay people's salaries for another six months.

"It was, 'I exposed my team to a pandemic, and you might not have a job' in the same meeting," the former employee said. "Pretty rough."

"That really did it for everybody," said one current employee. "Everybody was like, 'What is going on?"

As privacy advocates, the EPIC staff understood more than most the importance of protecting employees' private health information. The nonprofit's lawyers are constant fixtures on Capitol Hill, forever butting heads with tech giants like Facebook and Google over the ways they collect and share personal data. But those employees also believed their boss had a responsibility to protect them, too. "The idea [of anonymity] is for workplace retaliation. I think that rationale is pretty strained when it's the executive director," said one of the former employees.

Even after testing positive and alerting staff, internal emails show, Rotenberg told employees he was going to the office to collect the mail, though it's unclear if he ever did. This prompted multiple employees to contact D.C.'s department of public health.

More than two weeks after the meeting, after EPIC employees wrote to members of the board with their concerns, Rotenberg sent the board and the staff a five-page letter both apologizing and defending his actions.

"I know some people are surprised and concerned that I was in the office on March 9, and I can imagine a scenario where someone else in the same situation could have stayed home to wait for a determination. In retrospect, that was obviously the better choice," Rotenberg wrote on March 30. "But at the time, and even today, that is not the CDC protocol. People are routinely tested then continue to practice social-distancing rather than self-quarantine."

For EPIC's employees — at least one of whom says they've experienced some symptoms consistent with the virus — this is hardly enough. Beyond the concerns for their own safety, the employees Protocol spoke with say Rotenberg's behavior gives those who might like to expand surveillance of coronavirus patients — and the rest of the population — the very excuse they need. "It rubs us all the wrong way when we see him quoted in the press talking about contact-tracing privacy issues when he's violating the guidelines," a former employee said.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


In his letter to the staff and the board, Rotenberg said he followed all CDC protocols as they stood at the time. His letter didn't address whether he went to the office to check the mail after being diagnosed.

Of course, there's also Rotenberg's privacy to consider. EPIC's employees say they thought a lot about that before sharing this information publicly. But they argue that, in this situation, the risks to him maintaining his privacy outweighed the benefits.

"Privacy is something that's constantly weighed against other things," one current employee said. "It doesn't make sense for it to be absolute."

People

Making the economy work for Black entrepreneurs

Funding for Black-owned startups needs to grow. That's just the start.

"There is no quick fix to close the racial wealth and opportunity gaps, but there are many ways companies can help," said Mastercard's Michael Froman.

Photo: DigitalVision/Getty Images

Michael Froman is the vice chairman and president of Strategic Growth for Mastercard.

When Tanya Van Court's daughter shared her 9th birthday wish list — a bike and an investment account — Tanya had a moment of inspiration. She wondered whether helping more kids get excited about saving for goals and learning simple financial principles could help them build a pathway to financial security. With a goal of reaching every kid in America, she founded Goalsetter, a savings and financial literacy app for kids. Last month, Tanya brought in backers including NBA stars Kevin Durant and Chris Paul, raising $3.9 million in seed funding.

Keep Reading Show less
Michael Froman
Michael Froman serves as vice chairman and president, Strategic Growth for Mastercard. He and his team drive inclusive growth efforts and partner across public and private sectors to address major societal and economic issues. From 2013 to 2017, Mike served as the U.S. trade representative, President Barack Obama’s principal adviser and negotiator on international trade and investment issues. He is a distinguished fellow of the Council on Foreign Relations and a member of the board of directors of The Walt Disney Company.
Sponsored Content

Building better relationships in the age of all-remote work

How Stripe, Xero and ModSquad work with external partners and customers in Slack channels to build stronger, lasting relationships.

Image: Original by Damian Zaleski

Every business leader knows you can learn the most about your customers and partners by meeting them face-to-face. But in the wake of Covid-19, the kinds of conversations that were taking place over coffee, meals and in company halls are now relegated to video conferences—which can be less effective for nurturing relationships—and email.

Email inboxes, with hard-to-search threads and siloed messages, not only slow down communication but are also an easy target for scammers. Earlier this year, Google reported more than 18 million daily malware and phishing emails related to Covid-19 scams in just one week and more than 240 million daily spam messages.

Keep Reading Show less
People

Citizen’s plan to keep people safe (and beat COVID-19) with an app

Citizen CEO Andrew Frame talks privacy, safety, coronavirus and the future of the neighborhood watch.

Citizen added COVID-19 tracking to its app over the summer — but its bigger plans got derailed.

Photo: Citizen

Citizen is an app built on the idea that transparency is a good thing. It's the place users — more than 7 million of them, in 28 cities with many more to come soon — can find out when there's a crime, a protest or an incident of any kind nearby. (Just yesterday, it alerted me, along with 17,900 residents of Washington, D.C., that it was about to get very windy. It did indeed get windy.) Users can stream or upload video of what's going on, locals can chat about the latest incidents and everyone's a little safer at the end of the day knowing what's happening in their city.

At least, that's how CEO Andrew Frame sees it. Critics of Citizen say the app is creating hordes of voyeurs, incentivizing people to run into dangerous situations just to grab a video, and encouraging racial profiling and other problematic behaviors all under the guise of whatever "safety" means. They say the app promotes paranoia, alerting users to things that they don't actually need to know about. (That the app was originally called "Vigilante" doesn't help its case.)

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Transforming 2021

Blockchain, QR codes and your phone: the race to build vaccine passports

Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.

One day, you might not need to carry that physical passport around, either.

Photo: CommonPass

There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.

Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.

Keep Reading Show less
Mike Murphy

Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.

Policy

Here are Big Tech’s biggest threats from states

The states are moving much quicker than Congress on privacy, taxes and content moderation.

Virginia is expected to be the second state to pass a comprehensive privacy law.

Photo: Ron Cogswell/Flickr

When critics say that Virginia's new privacy bill is "industry-approved," they're not totally wrong, said David Marsden, the state senator who has been working for months to shepherd the law through the state legislature.

It was an Amazon lobbyist who originally presented Marsden with the text of the bill, which hews closely to the failed Washington Privacy Act, versions of which have been pushed by Microsoft across the country.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Latest Stories