By LANCE GAY Scripps Howard News Service September 07, 2000 WASHINGTON - At least four federal agencies are sharing taxpayer data they are gathering from Internet visitors to government Web sites with trade organizations, retailers or other outside parties, congressional investigators say. In a survey of online-privacy protections at government-run Web sites, the General Accounting Office found that 23 of 70 agencies surveyed have disclosed personal information gathered from Web sites to third parties, mostly other government agencies. But at least four agencies were found sharing information with private entities. The GAO is a congressional unit that audits federal programs. Some privacy advocates said the findings show the need to update a 1974 Privacy Act, which forbids government agencies from sharing with outsiders information they collect from taxpayers, but was drafted before computers were widely used. "It's time to strengthen this important law for the Internet age,'' said Ari Schwartz, policy analyst with the Center for Democracy and Technology. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the report clearly shows the White House isn't effectively enforcing Privacy Act provisions on executive branch agencies. "It's a surprisingly good law,'' Rotenberg said. "I think the big issue here is oversight and enforcement of the Privacy Act." The GAO investigation was launched a year ago on a request by Sen. Joseph Lieberman, D-Conn., to find out how government agencies are handling privacy issues on their Web sites. Lieberman has spearheaded efforts on the Senate Governmental Affairs Committee to oversee government use of the Internet to provide information to taxpayers. GAO investigators said many of the privacy problems with government Web sites they uncovered could be addressed by the White House Office of Management and Budget issuing more specific guidelines on what information government agencies can release. Office of Management and Budget guidelines forbid dissemination of "substantial" personal information, but they don't tell agencies what that means, or "whether such information as Social Security numbers and credit card numbers qualify as substantial personal information," the GAO said. In its survey of 70 government agencies, congressional investigators classified "substantial" personal information as being a person's name, e-mail address, postal address, telephone number, Social Security number or credit card numbers. The investigation found 23 agencies shared information with other government agencies, and four said they share information with private-sector entities. The agencies were not named. The outside parties included trade organizations, bilateral development banks, product manufacturers, distributors and retailers. Sally Katzen, deputy director of the Office of Management and Budget, said the GAO report didn't reflect considerable progress the Clinton administration has made in persuading government agencies to pay attention to privacy issues. Web sites run by the White House itself have been embroiled in privacy concerns. In June, Scripps Howard News Service reported that Internet sites run by the White House drug czar's office were secretly putting "cookie" programs in the computers of visitors to track what they were doing on the site. Office of Management and Budget Director Jacob Lew ordered drug czar Barry McCaffrey to turn off the cookie machine, and issued a governmentwide directive stating that cookies programs can only be used in rare cases, and only if their use is approved by the agency's director. The GAO survey found seven agencies used cookies, which are small software programs inserted in a visitor's computer. Cookies programs are used by advertising firms to track Internet users' activities, and can be combined with other data to compile profiles of individual Internet users. On the Net: GAO is at htpp://www.gao.gov (Lance Gay is a reporter for Scripps Howard News Service.) Ê
