October 20, 20000

WASHINGTON, DC - Senate Governmental Affairs Chairman Fred Thompson (R-TN) today issued findings from Committee oversight audits and reports documenting Federal agency violations of personal privacy and the Administration’s inability to protect personal privacy due to weak computer security.

"How can this Administration talk about protecting privacy when its own agencies jeopardize some of the public’s most private information?" Thompson asked. "Its failure to properly manage the integrity and security of Federal agency Web sites and computers continues to expose citizens to privacy violations, including the misuse or modification of personal information or identity theft. This undermines the credibility of the Administration’s commitment to protect privacy."

Thompson disclosed preliminary findings of Federal agency violations of government policy on privacy which indicate that some Federal agencies are using cookies—information-gathering devices that can be used to track the activities of Internet users—on their Web sites despite claiming to the contrary in their privacy statements. Many other agencies which use cookies fail to disclose it in their privacy policies. These practices violate the Administration’s privacy policy.

The White House Office of National Drug Control Policy, which was singled out in June for using cookies without disclosure, is still using the devices on one of its Web sites—despite the fact that the privacy policy states that cookies are not used. Moreover, another agency—the Forest Service—appears to be allowing a private company to use cookies to collect information about users on the agency’s Web site. Visitors to the USDA Forest Service International Programs Web site are tracked by cookies that are placed on visiting computers by a private company. In return for the Web site "traffic reports" that the private company provides, the Forest Service has agreed to a number of terms and conditions, including granting the company co-ownership of the data collected by its cookies.

Thompson initiated the audit in response to concerns that government Web sites were using cookies despite a June 22 warning from the White House prohibiting agencies from using the information-gathering technology unless they had approval from the agency head, proved a "compelling need to gather the data on the site," and provided "clear and conspicuous notice."

"The Federal Government should set the standard for privacy protection," Thompson said. "Unfortunately, it appears that in some instances, the agencies are misleading the public about whether they or third parties are tracking information about citizens who visit their web sites. Worse still, we do not know how our citizens’ privacy is being endangered as a result of these agency practices."

Also at the request of Chairman Thompson, General Accounting Office investigators and others have also been asked over the last few years to test the strength of agency computer security programs. These investigators were able to break into complex computer systems which hold sensitive information collected by the Federal government, including citizens’ medical records and tax returns.

Thompson noted that in a recent survey on Government Information in the Internet Age, 63 percent of respondents said concern about computer security make them less likely to provide personal data to the government; and the possible misuse of government-held data worries 81 percent of Americans.

Thompson’s work on protecting privacy has included a series of investigations and hearings on the security of government computer systems; sponsoring the Government Information Security Act, S. 1993; sponsoring S. 3040, the Privacy Commission Act; and sponsoring amendments to curb abusive information-gathering practices of the Federal Government.