October 20, 20000
Administration Compromises Citizens’
Privacy
Thompson Reveals Agency Policy Violations and
Breaches
of Computer Security That Leave Citizen Privacy at Risk
WASHINGTON, DC -
Senate Governmental Affairs Chairman Fred Thompson (R-TN) today
issued findings from Committee oversight audits and reports
documenting Federal agency violations of personal privacy and
the Administration’s inability to protect personal privacy due
to weak computer security.
"How can this
Administration talk about protecting privacy when its own
agencies jeopardize some of the public’s most private
information?" Thompson asked. "Its failure to properly
manage the integrity and security of Federal agency Web sites
and computers continues to expose citizens to privacy
violations, including the misuse or modification of personal
information or identity theft. This undermines the credibility
of the Administration’s commitment to protect privacy."
Thompson disclosed
preliminary findings of Federal agency violations of government
policy on privacy which indicate that some Federal agencies are
using cookies—information-gathering devices that can be used
to track the activities of Internet users—on their Web sites
despite claiming to the contrary in their privacy statements.
Many other agencies which use cookies fail to disclose it in
their privacy policies. These practices violate the
Administration’s privacy policy.
The White House
Office of National Drug Control Policy, which was singled out in
June for using cookies without disclosure, is still using the
devices on one of its Web sites—despite the fact that the
privacy policy states that cookies are not used. Moreover,
another agency—the Forest Service—appears to be allowing a
private company to use cookies to collect information about
users on the agency’s Web site. Visitors to the USDA Forest
Service International Programs Web site are tracked by cookies
that are placed on visiting computers by a private company. In
return for the Web site "traffic reports" that the
private company provides, the Forest Service has agreed to a
number of terms and conditions, including granting the company
co-ownership of the data collected by its cookies.
Thompson initiated
the audit in response to concerns that government Web sites were
using cookies despite a June 22 warning from the White House
prohibiting agencies from using the information-gathering
technology unless they had approval from the agency head, proved
a "compelling need to gather the data on the site,"
and provided "clear and conspicuous notice."
"The Federal
Government should set the standard for privacy protection,"
Thompson said. "Unfortunately, it appears that in some
instances, the agencies are misleading the public about whether
they or third parties are tracking information about citizens
who visit their web sites. Worse still, we do not know how our
citizens’ privacy is being endangered as a result of these
agency practices."
Also at the request
of Chairman Thompson, General Accounting Office investigators
and others have also been asked over the last few years to test
the strength of agency computer security programs. These
investigators were able to break into complex computer systems
which hold sensitive information collected by the Federal
government, including citizens’ medical records and tax
returns.
Thompson noted that
in a recent survey on Government Information in the Internet
Age, 63 percent of respondents said concern about computer
security make them less likely to provide personal data to the
government; and the possible misuse of government-held data
worries 81 percent of Americans.
Thompson’s work on
protecting privacy has included a series of investigations and
hearings on the security of government computer systems;
sponsoring the Government Information Security Act, S. 1993;
sponsoring S. 3040, the Privacy Commission Act; and sponsoring
amendments to curb abusive information-gathering practices of
the Federal Government.
"Who
Has Their Hand in the Cookie Jar?"
Letter
to the Comptroller General
# # #
|