Tuesday September 12, 2000
U.S. Web Sites Fail Privacy Test, GAO Says
By Jim Wolf

WASHINGTON (Reuters) - Only three percent of surveyed U.S. government Web sites fully meet proposed privacy standards for commercial Web sites, a congressional report said on Tuesday.

The study by the General Accounting Office, Congress's nonpartisan investigative and audit arm, was discounted by the Clinton administration as comparing apples and oranges.

Ninety-seven percent of the 65 surveyed sites failed to comply with all four of the ``fair information practice'' principles proposed by the Federal Trade Commission for electronic commerce, the report found.

It said 14 percent, as of July, allowed third parties to deploy tracking devices called ``cookies,'' an e-commerce practice that privacy advocates decry.

House Republican leader Dick Armey of Texas called the study a ``devastating'' assessment of what he said was the Clinton-Gore administration's failure to live by its own privacy standards.

``People with glass Web sites should not throw stones,'' said Armey, who requested the study with W.J. ``Billy'' Tauzin, a Louisiana Republican who chairs the House Subcommittee on Telecommunications, Trade and Consumer Protection.

The White House Office of Management and Budget (OMB) said the report was misleading because federal Web sites serve a different purpose than commercial ones and were already subject to the Privacy Act and other rules.

``We are concerned that the summary statistics in this report are comparable to a complaint that an apple lacks a thick, orange rind, '' Sally Katzen, the OMB's deputy director for management, said in a Sept. 7 letter included in the GAO report.

Armey and Tauzin trumpeted the GAO findings as showing the Democratic administration was in no position to set new privacy standards for e-commerce over industry opposition. So far, the administration has steered clear of endorsing a vote in May by the FTC, an independent agency, to seek power from Congress to enforce privacy standards on the Internet.

``We should not let a government that has this kind of a performance presume to police the private sector,'' Armey said at a Capitol Hill news conference. He made clear that the Internal Revenue Service's site was among those that did not meet the FTC's proposed standards.

``Which worries you more? The IRS disclosing your personal financial information, or the GAP.com knowing how many pairs of jeans you've bought this year?'' he said.

The IRS said it did not know why its Web site was being faulted. ``We don't collect information on our Web site. We don't use cookies and in any case, we're barred from sharing confidential taxpayer information by law,'' said spokesman Terry Lemons.

Both Armey and Tauzin, who said he would hold hearings on the matter, urged industry to police themselves to protect online privacy, just as the administration has done.

The GAO found that the FTC itself failed to let visitors decide how the agency uses any data they provide, one of the four principles it has championed.

The other three involve giving notice of information practices; allowing consumers access to collected data and ways to contest any inaccuracies; and maintaining adequate security to protect from unauthorized use.

FTC spokesman Eric London, illustrating what he described as a fundamental difference, said commercial Web sites had full control over the data they collected while government ones were obligated by law to share certain information with other federal, state and local agencies.

``We disclose that information,'' he said. But if consumer go ahead and provide data, ``we can't allow them to opt out'' given statutory requirements on information-sharing, including with Congress.

Back To The Study