Government Still Guilty of Using Cookies

More than 60 federal agency Web sites use software to track the habits of users despite rules banning the practice, according to preliminary findings in a report to Congress on Internet privacy released this week.

Senator Fred Thompson, chair of the Governmental Affairs Committee, released the preliminary report from the Office of the Inspector General, which found that 64 federal Web sites used the unauthorized tracking software.

"The federal government should be setting the standard for privacy protection in the Information Age," Thompson (R-Tennessee) says in a statement.

The practice of using Web site tracking software, known as cookies, was restricted by the Clinton administration last year. The administration's rules say agencies shouldn't use cookies unless certain conditions are met, such as a compelling need to collect the data and public disclosure of privacy safeguards for handling the information.

"I think there's more persistent ignoring of the rules than we would liked to have seen," says Representative Jay Inslee (D-Washington), who worked on the privacy provision of the Consolidated Appropriations Act of 2000.

Thompson called on the Bush administration to take action to correct "the previous administration's failure to comply with their own Internet privacy policy." A spokesperson says the senator would also be introducing legislation to establish a commission to look into privacy issues.

Unaware of the Problem?

Part of the problem, according to Thompson's office, is that many of the federal agencies were unaware they were using cookies.

For example, due to the National Aeronautics and Space Administration's failure to maintain Web site inventory, the Inspector General's office couldn't determine "the number of NASA sites, who owns which sites, or whether the sites are in compliance with NASA policy," the audit report states.

The Inspector General's office was required to perform audits on the various departments under the Consolidated Appropriations Act of 2000. One-third, or 16, of the department audits were completed by mid-February. The other agencies are expected to release their findings within a few months.

The departments of Education, Treasury, the Interior, Energy and Transportation, and the General Services Administration were among others using cookies to track the browsing and buying habits of visitors.

Other findings of the report included:

* Half of the Education Department's Internet pages that collect personal information lack posted privacy policies. Nine Web pages were collecting e-mail addresses without users' knowledge.

* Eleven of the Treasury Department's 30 main Web sites were missing privacy policies, and 19 major Web sites weren't listed on the Treasury inventory of sites.

* The GSA has an Internet site managed by a private contractor on which the contractor used a cookie under an agreement that gave him ownership of all of the data collected.

Inslee called the GSA findings "disturbing," saying, "Additional statutory action will be required to enforce these standards."