Big Brother doesn't live up to its own Web site privacy standards, according to a report issued Tuesday — but some normally paranoid watchdogs say the findings aren't necessarily cause for alarm.
The report by the nonpartisan General Accounting Office says most federal Web sites fail to meet the standards for safeguarding private information that the Federal Trade Commission has proposed for e-commerce companies.
Just two of 65 surveyed federal Web sites complied with all four of the "fair information principles" proposed by the FTC for electronic commerce, the report says. The FTC standards are designed to protect consumers' personal information — such as address, age and income range — from being sold to third parties.
Rep. Dick Armey, R-Texas, requested the study from the GAO, which is Congress' investigative wing. Armey called it a "devastating" assessment of what he said was the Clinton-Gore administration's failure to live by its own privacy standards.
"People with glass Web sites should not throw stones," he said in a prepared statement. "Perhaps the government could take a few lessons from the private sector."
Armey favors industry self-regulation and is trying to show that if the FTC guidelines aren't followed by the government itself, then no one should have to follow them, his spokesman said.
One watchdog group called this faulty logic.
Jason Catlett, president of Junkbusters Corp., a privacy advocacy firm, called Armey's point of view "a salacious argument."
He said federal agencies are covered by a range of laws, including the Privacy Act of 1974, and that the FTC's proposed rules were not meant to apply to government sites. The Privacy Act does not allow a federal Web site to even consider distributing personal information, Catlett said.
The White House dismissed the report for the same reasons.
"I think we're comparing apples and oranges here," said spokesman Jake Siewert. "They're comparing it to a policy that was designed for commercial Web sites, which is very different."
But another privacy advocate, Dave Banisar of EPIC (epic.org), said the Privacy Act is badly in need of an update because there are now so many loopholes that government agencies can easily circulate private information among themselves.
"The Privacy Act these days is largely a paper tiger," he said.
Deadbeat Database Has Other Uses
Banisar cited the so-called "Deadbeat Dads Database" as a typical Privacy Act problem.
The database was created with the understanding that it "only be used to track down these deadbeat dads," he said. "But (now) it's a database of every single new hire in the past three years."
Other problems mentioned in the report: 14 percent of the sites allow third parties to deploy tracking devices called "cookies," an e-commerce practice that privacy advocates decry. Cookies are small files a Web site places on a user's computer that often contain personal information. They can be read by the site that put them there — or by any other Web site.
The solution? Work to improve data protection on both federal and commercial sites, say the advocates.
Junkbusters' Catlett wants strict privacy laws passed that would regulate the commercial sector just like the feds. EPIC's Banisar suggested an independent agency to deal with privacy issues.
What seems more clear is what the American people want: An August poll by the Pew Internet Project found 81 percent of respondents favored stricter privacy rules. Only 24 percent, however, said the federal government should be in charge of creating the rules — most said Internet users should make them.
"Basically, Internet users want a seat at the table," said Susannah Fox, director of research at Pew. "And at this point they don't have one either with Internet companies or with government Web sites."
— Reuters contributed to this report