Republicans blast federal Web sites' privacy standards

House Republican leaders Tuesday attempted to turn concerns about Internet privacy against the Clinton administration by releasing a General Accounting Office report which found that 97 percent of federal Web sites, including the Federal Trade Commission's, failed to abide by the FTC's four privacy principles.

"The GAO study is a devastating assessment of the Clinton-Gore administration's failure to live by its own privacy standards," House Majority Leader Richard Armey, R-Texas, said. He requested the study along with House Telecommunications Subcommittee Chairman Billy Tauzin, R-La.

"The federal government is not living up to the standards they want to impose on everyone else," Armey said, referring to a May report in which the FTC voted to recommend broad authority to regulate private sector privacy practices.

Clinton administration officials and an FTC spokesman criticized the report for grading federal Web sites against a standard that they are not expected to live up to. Peter Swire, the administration's privacy counselor at the Office of Management and Budget, said it makes more sense to judge federal sites on whether they meet OMB privacy requirements. He pointed to a separate GAO study on Internet privacy requested by Sen. Joseph Lieberman, D-Conn., which found that 67 out of 70 federal Web sites had posted privacy policies.

"We take issue with the whole premise that GAO is using a study that we wrote looking at commercial Web issues and applying it to the government," said FTC spokesman Eric London. "Choice in the commercial context is not the same as in a government Web site." London added that the agency does not give Internet users a choice about whether personal information will be shared because it is legally required to disclose such information to Congress, the GAO and law enforcement agencies.

Tauzin dismissed the criticism, and pointed to a section in the Lieberman-requested GAO report that found that 44 percent of federal forms online requesting personal information have no privacy policies posted on those pages, which he called a violation of the Privacy Act.

"If the standard is flawed in the way it reviews the federal agencies, it is equally flawed" in a review of business Web sites, he said.

The new GAO report surveyed 65 federal Web sites and found that while 85 percent of them posted some sort of privacy notice, only 69 percent met the FTC's criteria for notice-that it tell visitors what information it collects, how it will be used internally, and whether it will be shared with third parties.

Federal Web sites meeting the other three FTC principles- choice, access and security- dropped off precipitously. Only 45 percent offered consumers some degree of choice over whether their information is shared with third parties; 17 percent permitted customer to access personally identifiable information in order to review and correct inaccuracies; and 23 percent provided some disclosure about the steps they take to secure users' personal information.