House Majority Leader contends that federal government Web sites have a lousy record of info management and that scant Web security puts personal data at risk. Rep. Dick Armey (R-TX) thinks government should review its practices before preaching about Net privacy.

by Dick Armey U.S. House of Representatives [April 11, 2001]

Americans put a high value on their privacy. And for good reason. I don't want strangers poking around in my business any more than they want me poking around in theirs. But new forms of communication like the Internet present an entirely new challenge for those of us concerned about privacy.

Figuring out exactly what we must do to protect sensitive information in this new environment is no easy task. Many unexpected pitfalls await those who rush into this complicated, emotional issue. In the fast-paced world of the Internet, we must avoid silver-bullet solutions that will quickly become obsolete or leave ourselves vulnerable to criticism that the government is not meeting the standards it requires from others.

Government's privacy problems
Before the federal government becomes too preachy about privacy, it should review it's own practices. The Federal Trade Commission (FTC), for example, thought that it had developed some good ideas for regulating commercial websites to protect privacy. The Commission set out its own privacy principles last May in a report entitled Fair Information Practices in the Electronic Marketplace. The problem was that the good folks at the FTC were so busy figuring out how to regulate the commercial sector that it forgot to regulate itself-and they fell into the hypocrisy trap.

Rep. Billy Tauzin (R-LA) and I asked the General Accounting Office (GAO) to apply the FTC's privacy criteria to the government itself. Not only did the FTC fail to meet the very standards it had asked Congress to impose on everyone else, so did 97 percent of all federal websites surveyed.

I think we can draw a lesson from this. The government should review it's own practices before it becomes too preachy about privacy.

Information at risk
The IRS knows how much money you make and how you spend it. The Department of Labor knows where you work and how long you've worked there. The Department of Health and Human Services (HHS) might well know everything about your medical history, especially if you are on Medicare or Medicaid. They all know your name, address, phone number, Social Security number and maybe even your email address.

According to a recent study by the privacy organization Privacilla, once an agency gathers information about you, it will routinely share that information with other agencies—combining your health, income, and other records. That means your complete life history is floating around the bureaucracy, whether you like it or not. Some of this information sharing is probably beneficial, allowing agencies to work more efficiently. But if government can't protect all that private information from prying eyes, the story changes.

The truth is that the government has a dismal record when it comes to securing sensitive information. According to a study last year by Government Reform Subcommittee Chairman Steve Horn, most federal departments and agencies received a failing grade for their lax computer security procedures. Those failing grades put privacy at risk.

For example, a Veterans' Affairs Oversight Subcommittee hearing last year exposed very disturbing privacy problems within the Department of Veterans' Affairs. The Department's own Inspector General was able to hack into the system and obtain control of individual medical records. The IG testified that weak computer security exposed the records of individual veterans to an assault from hackers armed with only minimal skills.

Unlike many non-VA patients, veterans have no choice about sharing their medical information and have few options if they are dissatisfied with the level of protection the agency gives to their medical privacy. Fortunately, VA Secretary Principi testified last week that the Bush Administration is taking steps to clean up this mess.

The VA's problem was not an isolated incident. The GAO recently revealed perhaps the most disturbing example of the effect of lax government security. GAO auditors found during an investigation last year that IRS computer systems containing tax returns that are filed online were vulnerable to attack from even a hand-held computer. According to GAO's report, hackers not only had the ability to read your tax information, but they could also modify it. That's a scary thought. Fortunately, Treasury Secretary Paul O'Neill has indicated that the Department is addressing this issue. It is clear, nonetheless, that the government has some privacy problems that it must address.

Go to page 2: The Law of Unintended Consequence >