Fed sites can track users
April 17, 2001
BY NANCY ZUCKERBROD
WASHINGTON--Dozens of federal Web sites use unauthorized software that
tracks Internet users despite policy rules that ban such
information-gathering, according to a report to Congress.
The true scope of the problem has not been identified. The report said
the National Aeronautics and Space Administration could not even
determine how many Web sites it operates, so investigators could not
say how many of them might be using the tracking software.
The report was culled from 16 agency audits, a third of the audits in
the works. The other agencies are expected to release their findings
within a few months, said Sen. Fred Thompson, R-Tenn., chairman of the
Senate Governmental Affairs Committee.
Thompson released the report Monday. It said investigators found 64
federal Web sites that used unauthorized files that allowed them to
track the browsing and buying habits of Internet users.
In many instances, the agencies said they did not know the tracking
technology was being used. But some agencies say they benefit from the
data gathered by the electronic "cookies," as the technology is
called.
A cookie is a small software file that allows an Internet site to
identify a specific computer that logs on to the site. Cookies can
make browsing more convenient by letting sites distinguish user
preferences, but the device has been attacked as an intrusion on
privacy because they can track the kinds of Web sites frequented by a
specific computer.
The U.S. Mint uses the software to operate an online shopping cart
that is similar to what can be found on many e-commerce sites.
The departments of Education, Treasury, Energy, Interior and
Transportation used unauthorized cookies, as did NASA and the General
Services Administration, the report said.
It did not estimate how many people visited the sites during the
audit, which occurred late last year and early this year.
The company Jupiter Media Metrix, which tracks Internet usage, said
government sites are popular. The company estimates that 3.5 million
Internet users went to NASA's Web site in March, and 2.2 million
people visited the Education Department's site.
Ari Schwartz, senior policy analyst for the Center for Democracy and
Technology, which follows privacy issues, called the report troubling.
"Generally when we think about privacy and the government, we want to
make sure that the government is transparent and does protect privacy
over and above the rest of the Internet and the rest of the private
and nonprofit sector," Schwartz said.
His organization was among several that signed a letter Monday urging
the Bush administration to fill quickly a post created by President
Clinton that heads an office to keep tabs on agencies ensuring they
adhere to privacy policies.
Congress ordered all agency inspectors general to investigate the use
of cookies after the General Accounting Office reported in October
that about a dozen agency Web sites were using the software even
though a Clinton administration memorandum in June restricted the
practice.
The only acceptable use of cookies is in case of compelling need and
with the approval of the agency head. In those instances, Web sites
must inform Internet users of the practice.
Contractors operating Web sites for government agencies also must
abide by the policy.
The White House referred questions to the Office of Management and
Budget, where spokesman Chris Ullman said the Clinton-era policy
remains in effect.
"Privacy issues are of great importance to the president," Ullman
said.
Because 11 Energy Department Web sites used the unauthorized files,
Inspector General Gregory Friedman said the department "cannot provide
reasonable assurance" the privacy of Web site visitors would be
protected.
General Services Administration Inspector General William Barton
reported a contractor managed business operations of an agency site
that used the tracking files. He said the agreement gave the
contractor ownership of any information gathered about Internet users
who visited the site.
Of agencies surveyed, the Transportation Department was most likely to
use the tracking files, according to the report. It had them on 23 Web
pages, but the devices have since been removed, according to John
Meche, the agency's deputy assistant inspector general.
He said cookies were inadvertently added to agency sites when Web
pages were reconfigured. "Protecting Web privacy is an ongoing
challenge because Web sites are constantly revised or reconfigured,"
Meche said in his report.
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|