The report concluded that, although 85 percent of the sites studied posted a privacy
notice, 31 percent of sites did not meet the FTC criteria for notice. Moreover, 55 did
not meet the criteria for choice, 87 percent did not provide adequate consumer access
to collected data, and 77 percent did not meet the criteria for security.
After receiving the report, Rep. Armey specifically asked the IRS to explain why its
site did not meet FTC guidelines for security. The GAO study found that the IRS web
site used third-party cookies, which are code-based identifier tokens placed on a
consumer's computer by any domain other than the site being surveyed.
"The American people are required to give the IRS the most personal, sensitive
information about themselves and their families," said Armey at the time. He also
criticized the Clinton administration for not living up to its own online privacy
However Peter Swire, chief counselor for privacy of the Office of Management and
Budget, responded that the Clinton administration does not feel the FTC's guidelines
are appropriate for federal Web sites, because federal sites are governed by their own
laws. For example, the government sites do not feature a statement that the site
proprietors' do not sell information, because other laws forbid federal sites from
selling information in the first place.
"The complaint about not following FTC guidelines is highly misleading." and is
like comparing "apples and oranges," Swire said.
As Internet privacy is considered in a highly-charged political climate, the debate
often takes the form of dueling studies commissioned by different factions in
The dueling began in earnest last year. In April of 1999, a study was completed by
the Center of Democracy and Technology, which said that only one-third of federal
agencies had privacy policies clearly posted at their main sites. In response to the
study, the head of the Office of Management and Budget, Jacob Lew, issued a memorandum
that all federal agencies should have privacy policies as of December of last year.
Last month's GAO report was the second of two studies that followed Lew's memo. The
first one was requested of the GAO by Senator Joeseph Lieberman, D-Conn., asking for a
measure of government compliance. That study cited progress toward compliance, stating
that 69 out of 70 web sites now had privacy policies.
Senior News Editor Jack Vaughan contributed to this article.