RealTime IT News

Most Federal Web Sites Fail Privacy Test

According to a congressional report released by the U.S. General Accounting Office Tuesday, only three percent of the government Web sites surveyed meet with current proposed privacy standards.

The GAO report reviewed Web content of 24 major federal agencies including some 65 government Web sites. Only three percent of the Web sites surveyed, or about two sites, passed the GAO's security and privacy tests.

Joel Willemssen, director of civil agencies information and author of the GAO report, said in a statement that privacy concerns and security risks abound at government Web sites.

"At 21 of the 24 agencies, we identified problems in the area of security program management fundamental to the effectiveness privacy protections," Willemssen said.

The GAO's security program management review covered a range of activities related to understanding information security risks, including selecting and implementing security controls and ensuring that controls, once implemented, continue to operate effectively.

House Majority Leader Dick Armey (R-TX) blamed the White House Administration for failing to execute on implementing "fair information principles", as proposed by the Federal Trade Commission.

"The GAO report is a devastating assessment of the Clinton-Gore Administration's failure to live by its own privacy standards," Armey said. "People with glass Web sites should not throw stones. Since only three percent of the Administration Web sites met all four FTC privacy criteria, perhaps the government could take a few lessons from the private sector."

In a statement from the White House, a representative disputed the report as misleading because the FTC's privacy guidelines were not designed to apply to U.S. agencies.

What unnerves people on and offline is that the report included frightening reviews of who has access to data collected at the U.S. Department of the Treasury, which operates Web sites for the Internal Revenue Service, the Bureau of Alcohol, Tobacco & Firearms, and the U.S. Customs Service, among other federal agencies and bureaus.

Rep. Armey said he is deeply concerned about how the federal government collects and stores vast amounts of personal information about you and me.

"You are required to personal information to the government, you have no choice," Armey said. "You don't have an option to use a commercial website if you feel the government has a bad privacy policy. Which worries you more? The IRS disclosing your personal financial information or the GAP.com knowing how many pairs of jeans you've bought this year?"

Armey added that it is critical for the government to restore confidence in the federal government's ability to protect citizens personal information.

"I think the government should start worrying about whether it really should be maintaining so much information on its citizens," Armey said. "That would be one positive step toward to protecting our privacy."

The GAO first started reviewing federal computer and security systems in September 1996. Not much has changed since it first announced that federal computer security systems are fraught with weaknesses and that critical operations and government assets are at risk.

Willemssen said previous analyses have shown that federal computer systems were not adequately protecting their networks that process, store, and transmit enormous amounts of sensitive personal data.

"In September 1996, we reported that serious weaknesses had been found