GOVERNMENT VIOLATES OWN PRIVACY STANDARDS
U.S. House of Representatives Majority Leader Richard Armey recently sent
the following memo to his House colleagues on the subject of privacy and
the unwarranted sharing of confidential information among various
government agencies. The memo appeared in the e-newsletter of the
Coalition for Constitutional Liberties, a conservative Washington D.C.
group. Here is a substantial excerpt from the memo;
"TO: House Colleagues
FROM: Dick Armey
SUBJECT: Privacy: For those who live in glass houses
DATE: April 9, 2001
Americans put a high value on their privacy. And for good reason. I don't
want strangers poking around in my business any more than they want me
poking around in theirs. But new forms of communication like the Internet
present an entirely new challenge for those of us concerned about privacy.
Figuring out exactly what we must do to protect sensitive information in
this new environment is no easy task. Many unexpected pitfalls await those
who rush into this complicated, emotional issue. In the fast-paced world
of the Internet, we must avoid silver-bullet solutions that will quickly
become obsolete or leave ourselves vulnerable to criticism that the
government is not meeting the standards it requires from others.
The Government's Privacy Problems
Before the federal government becomes too preachy about privacy, it
should review it's own practices. The Federal Trade Commission (FTC), for
example, thought that it had developed some good ideas for regulating
commercial websites to protect privacy. The Commission set out its own
privacy principles last May in a report entitled "Fair Information
Practices in the Electronic Marketplace." The problem was that the good
folks at the FTC were so busy figuring out how to regulate the commercial
sector that it forgot to regulate itself--and they fell into the hypocrisy
trap.
Rep. Billy Tauzin and I asked the General Accounting Office (GAO) to
apply the FTC's privacy criteria to the government itself. Not only did
the FTC fail to meet the very standards it had asked Congress to impose on
everyone else, so did 97 percent of all federal websites surveyed. I think
we can draw a lesson from this. The government should review it's own
practices before it becomes too preachy about privacy.
The IRS knows how much money you make and how you spend it. The
Department of Labor knows where you work and how long you've worked there.
The Department of Health and Human Services (HHS) might well know
everything about your medical history, especially if you are on Medicare or
Medicaid. They all know your name, address, phone number, Social Security
number and maybe even your email address.
According to a recent study by the privacy organization Privacilla, once
an agency gathers information about you, it will routinely share that
information with other agencies--combining your health, income, and other
records. That means your complete life history is floating around the
bureaucracy, whether you like it or not. Some of this information sharing
is probably beneficial, allowing agencies to work more efficiently. But if
government can't protect all that private information from prying eyes, the
story changes.
The truth is that the government has a dismal record when it comes to
securing sensitive information. According to a study last year by
Government Reform Subcommittee Chairman Steve Horn, most federal
departments and agencies received a failing grade for their lax computer
security procedures. Those failing grades put privacy at risk.
For example, a Veterans' Affairs Oversight Subcommittee hearing last year
exposed very disturbing privacy problems within the Department of Veterans'
Affairs. The Department's own Inspector General was able to hack into the
system and obtain control of individual medical records. The IG testified
that weak computer security exposed the records of individual veterans to
an assault from hackers armed with only minimal skills.
Unlike many non-VA patients, veterans have no choice about sharing their
medical information and have few options if they are dissatisfied with the
level of protection the agency gives to their medical privacy.
Fortunately, VA Secretary Principi testified last week that the Bush
Administration is taking steps to clean up this mess.
The VA's problem was no isolated incident. The GAO recently revealed
perhaps the most disturbing example of the effect of lax government
security. GAO auditors found during an investigation last year that IRS
computer systems containing tax returns that are filed online were
vulnerable to attack from even hand-held computer. According to GAO's
report, hackers not only had the ability to read your tax information, but
they could also modify it. That's a scary thought. Fortunately, Treasury
Secretary Paul O'Neill has indicated that the Department is addressing this
issue. It is clear, nonetheless, that the government has some privacy
problems that it must address...."