Government Web Sites Still Tracking Users
W A S H I N G T O N, Oct. 22, 2000 -- Despite a White House prohibition, 13
government agencies are secretly using technology that tracks the
Internet habits of people visiting their Web sites, and in at least
one case provides the information to a private company, a
congressional review has found.
The agencies range from the Federal Aviation Administration tothe federal offices that provide disaster relief and administerMedicare, the General Accounting Office found in a study obtainedby The Associated Press.
“How can this administration talk about protecting privacy whenits own agencies jeopardize some of the public’s most privateinformation?” asked Sen. Fred Thompson, R-Tenn., chairman of theSenate Governmental Affairs Committee..
Thompson’s committee has jurisdiction over the 1974 Privacy Actand other laws that dictate the government’s privacy practices.
At issue is the use by the 13 government Web sites of small textfiles called “cookies” that record information about an Internetuser’s browsing habits when they visit a site.
All Federal Agencies Advised
In June, the White House Office of Management and Budget advisedall federal agencies that they are not allowed to use such textfiles without approval from the agency head. If they are used, theOMB directive said, Web site visitors must be given “clear andconspicuous notice” of such use.
But the GAO, the investigatory arm of Congress, found that 13agencies were using the technology to track visitors, althoughtheir formal Internet policy claimed they weren’t doing so, andnone of the Web site visitors were advised the technology was beingused.
The study found all 13 tracked consumers’ path during theirvisit to the site, and some were employing “persistent” textfiles that could be read for years after the initial visit.
In addition, the U.S. Forest Service’s International Programssite was found to be using so-called “third-party cookies” thattransmit the visitors’ activities to a private company which hadbeen hired to compile reports for the agency.
Such a practice is not mentioned in the Forest Service site’sprivacy policy.
Forest Service Unaware of Cookies
Forest Service spokesman Joe Walsh said he was unaware of theuse of the tracking technology until contacted for comment Friday.“We’re looking into it,” Walsh said. “We take this veryseriously.”
The other agencies found to be using the “cookies” softwarewere the U.S. Customs Service, Bureau of Labor Statistics, FederalEmergency Management Agency, Office of National Drug ControlPolicy, Bureau of Land Management, Central Federal Lands HighwayDivision, the Energy Department’s Ames Laboratory, National ParkService, Office of Personnel Management, the U.S. Trade andDevelopment Agency and the Health Care Financing Administration,which runs Medicare.
In June, the White House confirmed that its drug policy officeoperated a Web site using the “cookies” technology. The discoveryprompted the directive from the White House budget office.
But the GAO concluded the drug office continues to use thetechnology, despite having a privacy policy that prohibits its use.
The drug policy office did not return a call for comment.
Congress has begun to weigh in more heavily on the issue ofgovernment privacy.
A provision sent to the president last week as part of theDefense Department spending bill Congress approved directs thegovernment to develop policies to increase computer security at allfederal agencies.
In past months, the GAO has reported that several federal agencynetworks, including those of the Department of Veterans Affairs andthe Environmental Protection Agency are easily prone to hacking.