Congress ponders 'Net privacy
Members of the Congressional Internet Caucus told a House subcommittee Wednesday
that U.S. lawmakers should avoid strict Internet privacy rules, which are said to be
favored in Europe, and instead employ a set of "baseline standards." At the hearings,
several speakers pointed to recent indications that the federal government was not
abiding by th same privacy guidelines that have been suggested for commercial Web
"We must be careful that we don't micromanage as the Europeans have done," said
Internet Caucus Co-Chair Bob Goodlatte, R-Va., in calling for adherence to baseline
standards on privacy.
Goodlatte said the Internet privacy debate is complex, because corporations have
historically relied on consumer data as part of their business activity. He noted too
that the use of consumer information by businesses could be useful to consumers.
"Legislation on this matter must be considered carefully," Goodlatte said.
While further legislation in this area is not expected this year, according to W.J.
Billy Tauzin, R-Louisiana, the subcommittee will continue efforts to ensure that both
the federal government and the private sector will "honor the rights of private
The contention that federal Web sites fail to adhere to important Web privacy
guidelines is based on conclusions garnered from a recent report by the General
Accounting Office (GAO.)
The report, released last month, was requested by Reps. Dick Armey, R-Texas, the
House Majority Leader, and Tauzin, to determine how federal Web sites would fare when
measured against the Federal Trade Commission's (FTC's) fair information guidelines. In
May, the FTC asked Congress to enact legislation required adherence to the FTC's four
fair information practices, after reporting that only 20 percent of the busiest
commercial Web sites meet the criteria for all four practices.
The government "does not practice what it preaches," Rep. Tauzin stated at
Wednesday's subcommittee meeting.
The study Tauzin cited found that only three percent of federal Web sites contained
elements of all four of the FTC's guidelines. These guidelines include: Notice, which
requires data collectors disclose their information practices; Choice, which requires
that consumers be given options as to whether and how personal information is collected
from them; Access, which ensures consumers be able to view and contest the accuracy of
data collected about them; and, Security, which requires that data collectors ensure
that information collected from consumers is accurate and secure from unauthorized use.
The report concluded that, although 85 percent of the sites studied posted a privacy
notice, 31 percent of sites did not meet the FTC criteria for notice. Moreover, 55 did
not meet the criteria for choice, 87 percent did not provide adequate consumer access
to collected data, and 77 percent did not meet the criteria for security.
After receiving the report, Rep. Armey specifically asked the IRS to explain why its
site did not meet FTC guidelines for security. The GAO study found that the IRS web
site used third-party cookies, which are code-based identifier tokens placed on a
consumer's computer by any domain other than the site being surveyed.
"The American people are required to give the IRS the most personal, sensitive
information about themselves and their families," said Armey at the time. He also
criticized the Clinton administration for not living up to its own online privacy
However Peter Swire, chief counselor for privacy of the Office of Management and
Budget, responded that the Clinton administration does not feel the FTC's guidelines
are appropriate for federal Web sites, because federal sites are governed by their own
laws. For example, the government sites do not feature a statement that the site
proprietors' do not sell information, because other laws forbid federal sites from
selling information in the first place.
"The complaint about not following FTC guidelines is highly misleading." and is
like comparing "apples and oranges," Swire said.
As Internet privacy is considered in a highly-charged political climate, the debate
often takes the form of dueling studies commissioned by different factions in
The dueling began in earnest last year. In April of 1999, a study was completed by
the Center of Democracy and Technology, which said that only one-third of federal
agencies had privacy policies clearly posted at their main sites. In response to the
study, the head of the Office of Management and Budget, Jacob Lew, issued a memorandum
that all federal agencies should have privacy policies as of December of last year.
Last month's GAO report was the second of two studies that followed Lew's memo. The
first one was requested of the GAO by Senator Joeseph Lieberman, D-Conn., asking for a
measure of government compliance. That study cited progress toward compliance, stating
that 69 out of 70 web sites now had privacy policies.
Senior News Editor Jack Vaughan contributed to this article.