Thompson/Inslee: DOD Report Reveals Numerous Privacy Violations

WASHINGTON, D.C. – U.S. Rep. Jay Inslee (D-WA) and Senate Governmental Affairs Committee Chairman Fred Thompson (R-TN) today announced results of the Defense Department’s Internet privacy audit, which reveals numerous violations of the privacy policy established during the Clinton Administration.

Said Inslee, “Americans should not have to worry about federal agencies monitoring their Internet activity, yet this audit found seven examples of invisible web bugs on Navy, Air Force and Marine Corps web sites. One in four sites did not have a privacy notice – this 25% failure rate is astronomical, given how late we are into the privacy discussion. These disturbing audit results point to the need for remedies – through legislation, if necessary.”

“The American people need to know their privacy is protected when they visit federal government web sites,” Thompson said. “I want to continue working with the Bush Administration to ensure citizens’ privacy on government web sites. I want to commend the Inspectors General on the work that they’ve done so far.”

For 400 DOD Internet sites reviewed, the Inspector General identified the following violations:

- 128 unauthorized persistent “cookies,” information-collecting devices whose use was restricted last summer by the Clinton Administration;

- 100 sites that did not contain a privacy notice; and

- 61 sites that requested voluntary personal information and did not contain a privacy notice.

Further, 38 of the persistent cookies found were third-party commercial cookies, and seven of these cookies contained known web bugs. “Persistent cookies” are short strings of text sent by a web server and stored on a visitor’s system, which can be used to track Internet users’ browsing behavior by identifying users’ IP addresses. “Web bugs” are invisible graphics included on a web site, which are designed to monitor who visits the web site. They may be used to add information to a personal profile of what sites a person is visiting.

The Internet privacy reports were required by the Inslee-Thompson amendment to the Consolidated Appropriations Act of 2000, Section 646. The Inslee-Thompson amendment requires each agency Inspector General to report to Congress on how the agency collects, shares and reviews personal information on its Internet site. The amendment followed a GAO audit requested by Chairman Thompson in October of 2000, which found that 13 agencies were violating the OMB’s privacy policies by using information-gathering devices despite claiming they were not.

According to the Inspector General’s report, DOD was unaware of how commercial companies store, protect, and market information collected from DOD Internet sites. The Inspector General concluded, “DOD has inadequate assurance that the involuntary collection of personal information by commercial companies at DOD web sites is safeguarded and not sold or given away after it is collected.”

Previously released Internet audits on federal agencies have reported agency privacy violations, but none to the degree of the Department of Defense audit.

# # #